cvelistv5 - CVE-2023-24934

CVE-2023-24934 (GCVE-0-2023-24934)

Vulnerability from cvelistv5

Published

2023-04-14 21:27

Modified

2025-01-23 01:05

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

Microsoft Defender Security Feature Bypass Vulnerability

References

URL

	Vendor	Product	Version
	Microsoft	Microsoft Malware Protection Platform	Version: 4.0.0.0 < 4.18.2303.8

CERTFR-2023-AVI-0320

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Edge	Microsoft Edge versions antérieures à 109.01518.100
Microsoft	Edge	Microsoft Edge versions antérieures à 112.0.1722.48
Microsoft	N/A	Microsoft Defender Security Feature sans la dernière mise à jour (1.387.1287.0)

References

Title

Publication Time

WID-SEC-W-2023-0985

Vulnerability from csaf_certbund

Published

2023-04-16 22:00

Modified

2023-04-16 22:00

Summary

Microsoft Defender: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Malware Protection Engine ist Bestandteil verschiedener Sicherheitsprodukte von Microsoft und stellt selbigen das Scannen sowie Erkennen und Entfernen von Schadprogrammen zur Verfügung.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Microsoft Defender ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Malware Protection Engine ist Bestandteil verschiedener Sicherheitsprodukte von Microsoft und stellt selbigen das Scannen sowie Erkennen und Entfernen von Schadprogrammen zur Verf\u00fcgung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Microsoft Defender ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0985 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0985.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0985 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0985"
      },
      {
        "category": "external",
        "summary": "Microsoft Security Advisory vom 2023-04-16",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Defender: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2023-04-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:49:01.697+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0985",
      "initial_release_date": "2023-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft Malware Protection Engine",
            "product": {
              "name": "Microsoft Malware Protection Engine",
              "product_id": "62085",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:malware_protection_engine:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24934",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Microsoft Defender, welche nicht im Detail beschrieben wird. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "62085"
        ]
      },
      "release_date": "2023-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-24934"
    }
  ]
}

wid-sec-w-2023-0985

Vulnerability from csaf_certbund

Published

2023-04-16 22:00

Modified

2023-04-16 22:00

Summary

Microsoft Defender: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Produktbeschreibung

Die Malware Protection Engine ist Bestandteil verschiedener Sicherheitsprodukte von Microsoft und stellt selbigen das Scannen sowie Erkennen und Entfernen von Schadprogrammen zur Verfügung.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in Microsoft Defender ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Malware Protection Engine ist Bestandteil verschiedener Sicherheitsprodukte von Microsoft und stellt selbigen das Scannen sowie Erkennen und Entfernen von Schadprogrammen zur Verf\u00fcgung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in Microsoft Defender ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0985 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0985.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0985 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0985"
      },
      {
        "category": "external",
        "summary": "Microsoft Security Advisory vom 2023-04-16",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Defender: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2023-04-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:49:01.697+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0985",
      "initial_release_date": "2023-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Microsoft Malware Protection Engine",
            "product": {
              "name": "Microsoft Malware Protection Engine",
              "product_id": "62085",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:malware_protection_engine:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24934",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Microsoft Defender, welche nicht im Detail beschrieben wird. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "62085"
        ]
      },
      "release_date": "2023-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-24934"
    }
  ]
}

fkie_cve-2023-24934

Vulnerability from fkie_nvd

Published

2023-04-14 22:15

Modified

2024-11-21 07:48

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

Microsoft Defender Security Feature Bypass Vulnerability

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	malware_protection_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:malware_protection_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CED330B-A74F-464A-8F49-722EA41968A0",
              "versionEndExcluding": "4.18.2303.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Defender Security Feature Bypass Vulnerability"
    }
  ],
  "id": "CVE-2023-24934",
  "lastModified": "2024-11-21T07:48:47.787",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-14T22:15:07.433",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

msrc_cve-2023-24934

Vulnerability from csaf_microsoft

Published

2023-04-11 07:00

Modified

2023-04-27 07:00

Summary

Microsoft Defender Security Feature Bypass Vulnerability

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action

Required. The vulnerability documented by this CVE requires customer action to resolve.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Tomer Bar and Omer Attias with \u003ca href=\"https://safebreach.com/\"\u003eSafeBreach\u003c/a\u003e"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-24934 Microsoft Defender Security Feature Bypass Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934"
      },
      {
        "category": "self",
        "summary": "CVE-2023-24934 Microsoft Defender Security Feature Bypass Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/2023/msrc_cve-2023-24934.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Defender Security Feature Bypass Vulnerability",
    "tracking": {
      "current_release_date": "2023-04-27T07:00:00.000Z",
      "generator": {
        "date": "2025-01-23T01:04:30.412Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-24934",
      "initial_release_date": "2023-04-11T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-04-14T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published. This CVE was addressed by updates that were released in April 2023, but the CVE was inadvertently omitted from the April 2023 Security Updates. This is an informational change only. Customers who have already installed the April 2023 updates do not need to take any further action."
        },
        {
          "date": "2023-04-18T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added FAQ information. This is an informational change only."
        },
        {
          "date": "2023-04-19T07:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Updated the products listed in the Security Updates table. This is an informational change only."
        },
        {
          "date": "2023-04-27T07:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added an acknowledgement. This is an informational change only."
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c4.18.2303.8",
            "product": {
              "name": "Microsoft Malware Protection Platform \u003c4.18.2303.8",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "4.18.2303.8",
            "product": {
              "name": "Microsoft Malware Protection Platform 4.18.2303.8",
              "product_id": "12183"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Malware Protection Platform"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-24934",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited this vulnerability could bypass the Windows Defender detection with a specially crafted file.",
          "title": "What kind of security feature could be bypassed by successfully exploiting this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Last version of the Microsoft Malware Protection Platform affected by this vulnerability: Last version of the Microsoft Malware Protection Platform affected by this vulnerability, Version 4.18.2302.7: Version 4.18.2302.7, First version of the Microsoft Malware Protection Platform with this vulnerability addressed: First version of the Microsoft Malware Protection Platform with this vulnerability addressed, Version 4.18.2303.8: Version 4.18.2303.8\nSee Manage Updates Baselines Microsoft Defender Antivirus for more information.\nVulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state.\nIn response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.\nFor enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.\nBest practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Platform updates and malware definitions, is working as expected in their environment.\nMicrosoft typically releases an update for the Microsoft Malware Protection Platform once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.\nDepending on which Microsoft antimalware software is used and how it is configured, the software may search for platform, engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.\nThe Microsoft Malware Protection Platform is a collection of user-mode binaries (e.g. MsMpEng.exe) and kernel-mode drivers that run on top of Windows to keep devices protected against new and prevalent threats.\nDefender runs on all supported version of Windows.\nYes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.\nYes.\u00a0 In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.\nCustomers should verify that the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed for their Microsoft antimalware products.\nOpen the Windows Security program. For example, type Security in the Search bar, and select the Windows Security program.\nIn the navigation pane, select Virus \u0026amp; threat protection.\nUnder Virus \u0026amp; threat protection updates in the main window, select Check for updates\nSelect Check for updates again.\nIn the navigation pane, select Settings, and then select About.\nExamine the Platform Version number. The update was successfully installed if the Malware Protection Platform version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed.",
          "title": "Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?"
        }
      ],
      "product_status": {
        "fixed": [
          "12183"
        ],
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-24934 Microsoft Defender Security Feature Bypass Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934"
        },
        {
          "category": "self",
          "summary": "CVE-2023-24934 Microsoft Defender Security Feature Bypass Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-04-14T07:00:00.000Z",
          "details": "4.18.2303.8:Security Update:https://www.microsoft.com/en-us/wdsi/defenderupdates",
          "product_ids": [
            "1"
          ],
          "url": "https://www.microsoft.com/en-us/wdsi/defenderupdates"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.6,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Security Feature Bypass"
        },
        {
          "category": "exploit_status",
          "details": "Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft Defender Security Feature Bypass Vulnerability"
    }
  ]
}

gsd-2023-24934

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Microsoft Defender Security Feature Bypass Vulnerability

Aliases

CVE-2023-24934

Aliases

CVE-2023-24934

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-24934",
    "id": "GSD-2023-24934"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-24934"
      ],
      "details": "Microsoft Defender Security Feature Bypass Vulnerability",
      "id": "GSD-2023-24934",
      "modified": "2023-12-13T01:20:58.049587Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2023-24934",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Malware Protection Platform",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "4.0.0.0",
                          "version_value": "4.18.2303.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Defender Security Feature Bypass Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Security Feature Bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:malware_protection_platform:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5CED330B-A74F-464A-8F49-722EA41968A0",
                    "versionEndExcluding": "4.18.2303.8",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Microsoft Defender Security Feature Bypass Vulnerability"
          }
        ],
        "id": "CVE-2023-24934",
        "lastModified": "2023-12-15T18:14:59.947",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.5,
              "impactScore": 3.6,
              "source": "secure@microsoft.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-04-14T22:15:07.433",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

ghsa-c22w-mqxf-h69m

Vulnerability from github

Published

2023-04-15 00:30

Modified

2023-04-15 00:30

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Microsoft Defender Security Feature Bypass Vulnerability

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-24934"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-14T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Defender Security Feature Bypass Vulnerability",
  "id": "GHSA-c22w-mqxf-h69m",
  "modified": "2023-04-15T00:30:36Z",
  "published": "2023-04-15T00:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24934"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-24934 (GCVE-0-2023-24934)

Vulnerability from cvelistv5

CERTFR-2023-AVI-0320

Vulnerability from certfr_avis

Solution

WID-SEC-W-2023-0985

Vulnerability from csaf_certbund

wid-sec-w-2023-0985

Vulnerability from csaf_certbund

fkie_cve-2023-24934

Vulnerability from fkie_nvd

msrc_cve-2023-24934

Vulnerability from csaf_microsoft

gsd-2023-24934

Vulnerability from gsd

ghsa-c22w-mqxf-h69m

Vulnerability from github

Tags

Sightings

Nomenclature