CVE-2024-21351

CVSS v3.1 7.6 (High)
EPSS 4.76% (93rd)
Affected Products 12
Advisories 2
NVD Status Analyzed

Windows SmartScreen Security Feature Bypass Vulnerability

Weaknesses
CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2024-02-13 18:15:51
(7 months ago)
Updated Date
2024-08-14 19:41:39
(5 weeks ago)
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351; https://nvd.nist.gov/vuln/detail/CVE-2024-21351
Vendor
Microsoft
Product
Windows
In CISA Catalog from
2024-02-13
(7 months ago)
Due Date
2024-03-05
(6 months ago)

Affected Products


Configuration #1

Product | CPE23 | From | Up To
Microsoft Windows 10 1507 | cpe:2.3:o:microsoft:windows_10_1507 | | < 10.0.10240.20469
Microsoft Windows 10 1607 | cpe:2.3:o:microsoft:windows_10_1607 | | < 10.0.14393.6709
Microsoft Windows 10 1809 | cpe:2.3:o:microsoft:windows_10_1809 | | < 10.0.17763.5458
Microsoft Windows 10 21h2 | cpe:2.3:o:microsoft:windows_10_21h2 | | < 10.0.19044.4046
Microsoft Windows 10 22h2 | cpe:2.3:o:microsoft:windows_10_22h2 | | < 10.0.19045.4046
Microsoft Windows 11 21h2 | cpe:2.3:o:microsoft:windows_11_21h2 | | < 10.0.22000.2777
Microsoft Windows 11 22h2 | cpe:2.3:o:microsoft:windows_11_22h2 | | < 10.0.22621.3155
Microsoft Windows 11 23h2 | cpe:2.3:o:microsoft:windows_11_23h2 | | < 10.0.22631.3155
Microsoft Windows Server 2016 | cpe:2.3:o:microsoft:windows_server_2016:- | |
Microsoft Windows Server 2019 | cpe:2.3:o:microsoft:windows_server_2019 | | < 10.0.17763.5458
Microsoft Windows Server 2022 | cpe:2.3:o:microsoft:windows_server_2022 | | < 10.0.20348.2322
Microsoft Windows Server 2022 23h2 | cpe:2.3:o:microsoft:windows_server_2022_23h2 | | < 10.0.25398.709