Protection mechanism failure in Windows and Windows Server - CVE-2024-38213
Published: August 13, 2024 / Updated: September 12, 2024
Vulnerability identifier: #VU95835
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2024-38213
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Microsoft
Affected software:
Windows
Windows Server
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. An attacker can bypass Windows Mark of the Web security feature.
Note, the vulnerability is being actively exploited in the wild.
How to mitigate CVE-2024-38213
Install updates from vendor's website.