CVE-2024-21351
CVSS v3.1
7.6 (High)
EPSS
4.76 % (93th)
Affected Products
12
Advisories
2
NVD Status
Analyzed
Windows SmartScreen Security Feature Bypass Vulnerability
Weaknesses
- CWE-94
- Improper Control of Generation of Code ('Code Injection')
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- Microsoft Corporation
- Published Date
-
2024-02-13 18:15:51
(7 months ago) - Updated Date
-
2024-08-14 19:41:39
(5 weeks ago)
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description
- Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.
- Required Action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Known to be Used in Ransomware Campaigns
- Unknown
- Notes
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351; https://nvd.nist.gov/vuln/detail/CVE-2024-21351
- Vendor
- Microsoft
- Product
- Windows
- In CISA Catalog from
-
2024-02-13
(7 months ago) - Due Date
-
2024-03-05
(6 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...