Cyber Resilience

CVE-2023-32049

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 11 July 2023
Modified: 28 October 2025
KEV Added: 11 July 2023
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0894 (92.8th percentile)
Risk Priority: 43 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-32049 is a high-severity vulnerability of unspecified weakness type in Microsoft Windows 10 1607. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 7.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

Windows SmartScreen, the Windows operating system component responsible for warning users about potentially malicious downloads and web content, contains a security feature bypass vulnerability. The flaw is tracked as CVE-2023-32049 with a CVSS 3.1 score of 8.8, reflecting a network attack vector, low attack complexity, and no required privileges, though user interaction is needed to trigger the issue.

An unauthenticated remote attacker can exploit the bypass by serving specially crafted content that SmartScreen fails to evaluate correctly. Successful exploitation allows the attacker to suppress security prompts, enabling users to execute or access malicious files or sites that would otherwise be blocked, resulting in full compromise of confidentiality, integrity, and availability on the affected system.

Microsoft has published guidance and patches through its Security Response Center, and CISA has added the CVE to its Known Exploited Vulnerabilities catalog, which lists vulnerabilities exploited in the wild. The associated EPSS score has remained stable near 0.09 with no material increase since disclosure.

EU & UK References

Vulnerability details

Windows SmartScreen Security Feature Bypass Vulnerability

CWE(s)
KEV Date Added: 11 July 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Affected versions
microsoft · windows 10 1607 · ≤ 10.0.14393.6085
microsoft · windows 10 1809 · ≤ 10.0.17763.4645
microsoft · windows 10 21h2 · ≤ 10.0.19041.3208
microsoft · windows 10 22h2 · ≤ 10.0.19045.3208
microsoft · windows 11 21h2 · ≤ 10.0.22000.2176
microsoft · windows 11 22h2 · ≤ 10.0.22621.1992
microsoft · windows server 2016 · all versions
microsoft · windows server 2019 · all versions
microsoft · windows server 2022 · all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly requires applying the vendor patch that closes the SmartScreen bypass before an attacker can serve malicious content.

prevent: Enforces use of malicious-code protection mechanisms such as SmartScreen to block execution of downloaded harmful payloads.

prevent · detect: Requires integrity verification of software and downloaded information to detect or block execution when SmartScreen checks are evaded.

References