⚠ Actively exploited
Added to CISA KEV on 2024-08-13. Federal agencies required to patch by 2024-09-03. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2024-38213Protection Mechanism Failure in Microsoft Windows 10 Version 1507

CWE-693Protection Mechanism Failure8 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
59.3%
top 1.75%
CISA KEV
KEV
Added 2024-08-13
Due 2024-09-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
23
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+20 more
Timeline
PublishedAug 13
KEV addedAug 13
Latest updateAug 15
KEV dueSep 3
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Windows Mark of the Web Security Feature Bypass Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages23 packages

NVDmicrosoft/windows< 6.2.9200.24919+5
NVDmicrosoft/windows_10_1507< 10.0.10240.20680
NVDmicrosoft/windows_10_1607< 10.0.14393.7070
NVDmicrosoft/windows_10_1809< 10.0.17763.5936
NVDmicrosoft/windows_10_21h2< 10.0.19044.4529

Patches

Patch: msrc.microsoft.com

🔴Vulnerability Details

3
CVEList
Windows Mark of the Web Security Feature Bypass Vulnerability2024-08-13
GHSA
GHSA-x6j5-wvpj-p4qv: Windows Mark of the Web Security Feature Bypass Vulnerability2024-08-13
VulnCheck
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability2024

📋Vendor Advisories

2
CISA
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability2024-08-13
Microsoft
Windows Mark of the Web Security Feature Bypass Vulnerability2024-08-13

🕵️Threat Intelligence

2
Trendmicro
CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections2024-08-15
Trendmicro
CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections2024-08-15
CVE-2024-38213 — Protection Mechanism Failure | cvebase