CVE-2023-32049
Published: 11 July 2023
Summary
CVE-2023-32049 is a high-severity vulnerability, with an unspecified weakness type, in Microsoft Windows 10 1607. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 7.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
Windows SmartScreen contains a security feature bypass vulnerability that affects the Windows operating system component responsible for warning users about potentially malicious downloads and web content. The flaw is tracked as CVE-2023-32049 with a CVSS 3.1 score of 8.8, reflecting network attack vectors, low attack complexity, and no required privileges, though user interaction is needed to trigger the issue.
An unauthenticated remote attacker can exploit the bypass by serving specially crafted content that SmartScreen fails to evaluate correctly. Successful exploitation allows the attacker to suppress security prompts, enabling users to execute or access malicious files or sites that would otherwise be blocked, resulting in full compromise of confidentiality, integrity, and availability on the affected system.
Microsoft has published guidance and patches through its Security Response Center, and CISA has added the CVE to its catalog of vulnerabilities known to be exploited in the wild. The associated EPSS score has remained stable near 0.09 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-36336
Vulnerability details
Windows SmartScreen Security Feature Bypass Vulnerability
- CWE(s)
- KEV Date Added: 11 July 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires applying the vendor patch that closes the SmartScreen bypass before an attacker can serve malicious content.
Enforces use of malicious-code protection mechanisms such as SmartScreen to block execution of downloaded harmful payloads.
Requires integrity verification of software and downloaded information to detect or block execution when SmartScreen checks are evaded.