Security features bypass in Microsoft Windows Mark of the Web



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-30050
CWE-ID CWE-254
Exploitation vector Network
Public exploit N/A
Vulnerable software
Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Security features bypass

EUVDB-ID: #VU89478

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-30050

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to security features bypass in Windows Mark of the Web. A remote attacker can trick a victim to open a specially crafted file and interfere with the Mark of the Web functionality.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.4412, 10 22H2 10.0.19045.4412, 10 1507 10.0.10240.20651, 10 1607 10.0.14393.6981, 10 1809 10.0.17763.5820, 11 21H2 10.0.22000.2960, 11 22H2 10.0.22621.3593, 11 23H2 10.0.22631.3593, 10 21H2 10.0.19044.4412, 10 21H2 10.0.19044.4412, 10 21H2 10.0.19044.4412, 10 21H2 10.0.19044.4412, 10 21H2 10.0.19044.4412, 10 21H2 10.0.19044.4412, 10 21H2 10.0.19044.4412

Windows Server: before 2008 R2 6.1.7601.27117, 2008 6.0.6003.22668, 2012 R2 6.3.9600.21972, 2012 6.2.9200.24868, 2016 10.0.14393.6981, 2022 10.0.20348.2458, 2022 10.0.20348.2461, 2008 R2 6.1.7601.27117, 2008 R2 6.1.7601.27117, 2008 R2 6.1.7601.27117

CPE2.3 External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-30050


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###