CVE-2024-21351
Vulnerability from cvelistv5
Published
2024-02-13 18:02
Modified
2024-10-09 01:49
Summary
Windows SmartScreen Security Feature Bypass Vulnerability
Impacted products
Vendor Product Version
Microsoft Windows 11 version 22H3 Version: 10.0.0   < 10.0.22631.3155
    cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3155:*:*:*:*:*:arm64:*
Microsoft Windows 10 Version 1809 Version: 10.0.0   < 10.0.17763.5458
    cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458:*:*:*:*:*:arm64:*
Microsoft Windows Server 2019 Version: 10.0.0   < 10.0.17763.5458
    cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5458:*:*:*:*:*:*:*
Microsoft Windows Server 2022 Version: 10.0.0   < 10.0.20348.2322
    cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2322:*:*:*:*:*:*:*
Microsoft Windows 11 version 21H2 Version: 10.0.0   < 10.0.22000.2777
    cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2777:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2777:*:*:*:*:*:arm64:*
Microsoft Windows 10 Version 21H2 Version: 10.0.0   < 10.0.19044.4046
    cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4046:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4046:*:*:*:*:*:arm64:*
    cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4046:*:*:*:*:*:x64:*
Microsoft Windows 11 version 22H2 Version: 10.0.0   < 10.0.22621.3155
    cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3155:*:*:*:*:*:arm64:*
    cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3155:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 22H2 Version: 10.0.0   < 10.0.19045.4046
    cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4046:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4046:*:*:*:*:*:arm64:*
    cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4046:*:*:*:*:*:x86:*
Microsoft Windows 10 Version 1507 Version: 10.0.0   < 10.0.10240.20469
    cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20469:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20469:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 1607 Version: 10.0.0   < 10.0.14393.6709
    cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6709:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6709:*:*:*:*:*:x64:*
Microsoft Windows Server 2016 Version: 10.0.0   < 10.0.14393.6709
    cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6709:*:*:*:*:*:*:*
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2024-02-13

Due date: 2024-03-05

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351; https://nvd.nist.gov/vuln/detail/CVE-2024-21351

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21351",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T18:40:04.299781Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-02-13",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21351"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:37:55.283Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:20:40.468Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows SmartScreen Security Feature Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3155:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 23H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3155",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3155:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 22H3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22631.3155",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5458",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5458:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.5458",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2322:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.2322",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2777:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2777:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2777",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4046:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4046:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4046:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.4046",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3155:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3155:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.3155",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4046:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4046:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4046:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.4046",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20469:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20469:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20469",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6709:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6709:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6709",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6709:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.6709",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-02-13T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows SmartScreen Security Feature Bypass Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:49:35.688Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows SmartScreen Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21351"
        }
      ],
      "title": "Windows SmartScreen Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-21351",
    "datePublished": "2024-02-13T18:02:12.076Z",
    "dateReserved": "2023-12-08T22:45:19.375Z",
    "dateUpdated": "2024-10-09T01:49:35.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-21351",
      "cwes": "[\"CWE-94\"]",
      "dateAdded": "2024-02-13",
      "dueDate": "2024-03-05",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351; https://nvd.nist.gov/vuln/detail/CVE-2024-21351",
      "product": "Windows",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Windows SmartScreen Security Feature Bypass Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-21351\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2024-02-13T18:15:51.333\",\"lastModified\":\"2024-11-29T15:27:41.817\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Windows SmartScreen Security Feature Bypass Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de omisi\u00f3n de la funci\u00f3n de seguridad SmartScreen de Windows\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7}]},\"cisaExploitAdd\":\"2024-02-13\",\"cisaActionDue\":\"2024-03-05\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Microsoft Windows SmartScreen Security Feature Bypass Vulnerability\",\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.10240.20469\",\"matchCriteriaId\":\"448534CE-1C07-4DF1-8EDD-C43C3492898B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.14393.6709\",\"matchCriteriaId\":\"2D282E53-ABBF-4832-9C93-A988586AE96E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.5458\",\"matchCriteriaId\":\"A1689DFD-D52D-4121-BFD7-DBF2BE4E7DE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19044.4046\",\"matchCriteriaId\":\"C78776CC-3A9C-41A3-8BEB-D71D92F6579D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19045.4046\",\"matchCriteriaId\":\"806CA6D2-42B2-4244-A5ED-D23E6DD56772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.2777\",\"matchCriteriaId\":\"3F7F8173-9E59-48E4-98C9-4BEB6AE79451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22621.3155\",\"matchCriteriaId\":\"84EDBE52-EFE0-4D6D-AA76-698B6F9687D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22631.3155\",\"matchCriteriaId\":\"900D1DA2-6DA7-4681-966A-B9973B1329EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.5458\",\"matchCriteriaId\":\"A9098F92-79E7-4762-A37C-99B4CFA8CDD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.20348.2322\",\"matchCriteriaId\":\"5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.25398.709\",\"matchCriteriaId\":\"B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21351\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21351\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.