CVERadar

CVE-2024-21351

Severity: Medium
Vendor: Microsoft
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.05701/1

CVE-2024-21351 is a Windows SmartScreen Security Feature Bypass Vulnerability. It allows attackers to bypass the security warnings shown by Windows SmartScreen, so users may execute malicious files without being properly warned. The SOCRadar Vulnerability Risk Score (SVRS) for CVE-2024-21351 is 30, indicating a moderate risk level. Although the CVSS score is 0, the vulnerability's "In The Wild" status and its presence on the CISA KEV list elevate its importance. Successful exploitation can compromise system security by allowing the execution of untrusted code. While the SVRS is below the critical range (above 80), the active exploits highlight the need to stay informed. Mitigation steps should be taken to avoid potential threats, emphasizing the importance of layered security.

In The Wild
CISA KEV
2024-02-13

2024-08-14
SOCRadar AI Insight

Description:

CVE-2024-21351 is a critical vulnerability in Windows SmartScreen, a security feature designed to protect users from malicious software and websites. This vulnerability allows attackers to bypass SmartScreen's protections and execute arbitrary code on affected systems. The SVRS for this vulnerability is 0, indicating a low risk of exploitation. However, the availability of active exploits makes this vulnerability a potential threat to users.

Key Insights:

  1. Threat Actors/APT Groups: There is no information available regarding specific threat actors or APT groups actively exploiting this vulnerability.

  2. Exploit Status: Active exploits have been published, indicating that attackers can use them to exploit the vulnerability.

  3. CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.

  4. In the Wild: There is no information available to suggest that this vulnerability is actively exploited in the wild.

Mitigation Strategies:

  1. Apply Software Updates: Ensure that all Windows systems are updated with the latest security patches, including the patch for CVE-2024-21351.

  2. Enable Enhanced Security Features: Enable additional security features such as Windows Defender Exploit Guard and Windows Defender Application Control to help prevent exploitation of this vulnerability.

  3. Educate Users: Educate users about the risks associated with downloading and executing files from untrusted sources.

  4. Implement Network Segmentation: Implement network segmentation to limit the spread of potential attacks if the vulnerability is exploited.

Indicators of Compromise

No IOCs found for this CVE

Exploits

| Title | Software Link | Date |
|---|---|---|
| Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | https://www.cisa.gov/search?g=CVE-2024-21351 | 2024-02-13 |

News

Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138)
Tenable Security Response Team, 2024-12-11 (securityboulevard.com)
16 Critical, 54 Important, 0 Moderate, 0 Low

CVE-2024-21351 | Microsoft Windows up to Server 2022 SmartScreen code injection
vuldb.com, 2024-11-29
A vulnerability, which was classified as critical, was found in Microsoft Windows up to Server 2022. Affected is an unknown function of the component SmartScreen. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-21351. It is possible to launch the attack remotely. Furthermore, there is an exploit

19th February – Threat Intelligence Report - Check Point Research
2024-02-19 (google.com)
For the latest discoveries in cyber research for the week of 19th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Romanian hospital patients’ data management system, Hipocrate IT Platform, was hit by a ransomware attack, leading to data encryption of over 20 Bucharest hospitals. The attack rendered the hospital staff resorting to manual logging and tracking of critical patient data and progress. Another 79 Romanian hospitals using Hipocrate went offline following the attack, which was first detected on February 10. The attackers used Backmydata ransomware, a variant

Microsoft patches 2 exploited zero-days, 5 critical vulnerabilities - scworld.com
2024-02-14 (google.com)
Two zero-day vulnerabilities actively exploited by ransomware threat groups were among 73 bugs Microsoft addressed in this month’s Patch Tuesday release. The zero-days included a bug that allows hackers to bypass a security feature designed to protect against malicious internet shortcut files, and another that allows attackers to bypass SmartScreen security checks. February’s batch of 73 patches — up from the 48 released last month — included fixes for five bugs rated "critical," impacting a range of Microsoft solutions including Office, Exchange Server and Dynamics 365

DarkMe RAT spread via novel Windows Defender zero-day - scworld.com
2024-02-14 (google.com)
BleepingComputer reports that attacks exploiting a new Windows Defender zero-day flaw, tracked as CVE-2024-21412, have been conducted by the Water Hydra threat operation, also known as DarkCasino, against foreign exchange traders on New Year's Eve to facilitate the distribution of the DarkMe remote access trojan. Water Hydra leveraged the vulnerability which has been addressed by Microsoft alongside another Windows SmartScreen zero-day, tracked as CVE-2024-21351, as part of this month's Patch Tuesday to bypass Windows Defender SmartScreen

Microsoft patches 2 exploited zero-days, 5 critical vulnerabilities - SC Media
2024-02-14 (google.com)
Two zero-day vulnerabilities actively exploited by ransomware threat groups were among 73 bugs Microsoft addressed in this month’s Patch Tuesday release. The zero-days included a bug that allows hackers to bypass a security feature designed to protect against malicious internet shortcut files, and another that allows attackers to bypass SmartScreen security checks. February’s batch of 73 patches — up from the 48 released last month — included fixes for five bugs rated "critical," impacting a range of Microsoft solutions including Office, Exchange Server and Dynamics

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation - The Hacker News
2024-02-15 (google.com)
Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as a case of privilege escalation impacting the Exchange Server. "An attacker could target an NTLM client such as Outlook with an NTLM credentials-leaking type vulnerability," the company said in an advisory published this

Social Media

No tweets found for this CVE

Affected Software

Configuration 1

| Type | Vendor | Product |
|---|---|---|
| OS | Microsoft | windows_10_1507 |
| OS | Microsoft | windows_10_1607 |
| OS | Microsoft | windows_10_21h2 |
| OS | Microsoft | windows_10_1809 |
| OS | Microsoft | windows_11_21h2 |
| OS | Microsoft | windows_11_22h2 |
| OS | Microsoft | windows_10_22h2 |
| OS | Microsoft | windows_11_23h2 |
| OS | Microsoft | windows_server_2022 |
| OS | Microsoft | windows_server_2019 |
| OS | Microsoft | windows_server_2016 |
| OS | Microsoft | windows_server_2022_23h2 |

References

| Reference | Link |
|---|---|
| [email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21351 |

CWE Details

| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
