Cyber Resilience

CVE-2024-21351

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 13 February 2024
Modified: 28 October 2025
KEV Added: 13 February 2024
Patch: available (Microsoft Security Update Guide)
CVSS v3.1: 7.6 (High), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
EPSS: 0.1067 (93.5th percentile)
Risk Priority: 42 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-21351 is a high-severity vulnerability in Windows SmartScreen, classified as Code Injection (CWE-94), affecting the Windows 10, Windows 11 and Windows Server releases listed under Affected Assets. Its CVSS v3.1 base score is 7.6 (High).

Operationally, its EPSS score places it in the top 6.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen that allows an attacker to circumvent the platform's warnings and reputation checks for potentially malicious downloads or web content. The affected component is the SmartScreen filter integrated into Windows, which normally inspects files and URLs before execution or opening.

An unauthenticated remote attacker can exploit the flaw by serving specially crafted content over the network that triggers the bypass when a user interacts with it, such as by clicking a link or opening a file. Successful exploitation can result in limited disclosure of information, high impact on integrity through execution of attacker-controlled code, and limited availability effects, without the attacker holding any privileges on the target system (PR:N). The user-interaction requirement (UI:R) means the bypass removes SmartScreen's warning, not the need to lure the user into opening the content, so the realistic delivery path is phishing or a malicious download.

Microsoft's security update guide for CVE-2024-21351 describes the availability of patches that address the bypass condition, and the vulnerability is tracked in the CISA Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The associated EPSS score has reached a peak of 0.1316 with a current value of 0.1067.

EU & UK References

Vulnerability details

Windows SmartScreen Security Feature Bypass Vulnerability

CWE(s): CWE-94 (Code Injection)
KEV Date Added: 13 February 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor / Product                     Affected builds (last vulnerable build)
Microsoft Windows 10 1507            ≤ 10.0.10240.20469
Microsoft Windows 10 1607            ≤ 10.0.14393.6709
Microsoft Windows 10 1809            ≤ 10.0.17763.5458
Microsoft Windows 10 21H2            ≤ 10.0.19044.4046
Microsoft Windows 10 22H2            ≤ 10.0.19045.4046
Microsoft Windows 11 21H2            ≤ 10.0.22000.2777
Microsoft Windows 11 22H2            ≤ 10.0.22621.3155
Microsoft Windows 11 23H2            ≤ 10.0.22631.3155
Microsoft Windows Server 2016        all versions
Microsoft Windows Server 2019        ≤ 10.0.17763.5458
+2 more product configuration(s); see NVD for the full list

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SI-3 Malicious Code Protection (prevent)

SmartScreen is a built-in malicious-code reputation service; SI-3 requires that such protections are implemented, kept current and enforced at system entry points to block untrusted content. Applying the Microsoft update that fixes the bypass is the primary SI-3 action, with endpoint anti-malware as the second layer for content SmartScreen fails to flag.

AC-3 Access Enforcement (prevent)

The vulnerability bypasses SmartScreen's enforcement decision, so AC-3 calls for the system to still apply the intended allow/deny outcome to downloaded or executed objects, for example through application control (WDAC or AppLocker) whose decision does not depend on SmartScreen's reputation verdict.

SI-7 Software, Firmware, and Information Integrity (prevent / detect)

SI-7 requires integrity verification of software and information; signature and hash verification of downloaded executables can block, or at least detect, execution of unverified code that reached the user because SmartScreen was bypassed.
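The following PowerShell script is an added example, not part of this advisory or of any Microsoft tooling. It turns the Affected Assets table into a patch check for the local host (the build line numbers and last-vulnerable UBR values are copied from that table) and reports the SmartScreen policy state that the SI-3 and AC-3 controls above depend on, plus a Mark-of-the-Web check for triaging downloaded samples. Assumptions: Windows Server 2016 shares build 14393 with Windows 10 1607 and is checked against the 1607 threshold because the table lists it only as "all versions"; the registry paths queried are the standard SmartScreen policy and Explorer locations; the sample calls at the end use constructed build numbers.

```powershell
# Added example for CVE-2024-21351: not from the advisory or from Microsoft.
# Run in an elevated PowerShell session on the host being assessed.

# Last vulnerable UBR (update build revision) per OS build line, copied from the
# Affected Assets table. A host is patched when its UBR exceeds the listed value.
# Assumption: Windows Server 2016 (build 14393) is checked against the Windows 10
# 1607 threshold, since the table gives it no build number of its own.
$LastVulnerableUbr = @{
    10240 = 20469   # Windows 10 1507
    14393 = 6709    # Windows 10 1607 (and, by assumption, Windows Server 2016)
    17763 = 5458    # Windows 10 1809 / Windows Server 2019
    19044 = 4046    # Windows 10 21H2
    19045 = 4046    # Windows 10 22H2
    22000 = 2777    # Windows 11 21H2
    22621 = 3155    # Windows 11 22H2
    22631 = 3155    # Windows 11 23H2
}

function Test-Cve202421351Build {
    # Compares a build/UBR pair against the table; defaults to the local host.
    param(
        [int]$Build = 0,   # 0 = read CurrentBuildNumber from the registry
        [int]$Ubr   = -1   # -1 = read UBR from the registry
    )
    if ($Build -eq 0 -or $Ubr -lt 0) {
        $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        if ($Build -eq 0) { $Build = [int]$cv.CurrentBuildNumber }
        if ($Ubr -lt 0)   { $Ubr   = [int]$cv.UBR }
    }
    if (-not $LastVulnerableUbr.ContainsKey($Build)) {
        $status = 'Unknown'      # build line not in the table; consult NVD for the full list
    } elseif ($Ubr -le $LastVulnerableUbr[$Build]) {
        $status = 'Vulnerable'   # at or below the last vulnerable build
    } else {
        $status = 'Patched'
    }
    [pscustomobject]@{
        Build             = "10.0.$Build.$Ubr"
        LastVulnerableUbr = $LastVulnerableUbr[$Build]
        Status            = $status
    }
}

function Get-SmartScreenState {
    # Group Policy values under Policies\...\System take precedence over the
    # per-machine Explorer setting; a null policy value means "not configured".
    $policy   = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -ErrorAction SilentlyContinue
    $explorer = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PolicyEnableSmartScreen = $policy.EnableSmartScreen      # 1 = enforced on, 0 = enforced off, null = not set
        PolicyShellLevel        = $policy.ShellSmartScreenLevel  # 'Warn' or 'Block' when the policy is set
        ExplorerSmartScreen     = $explorer.SmartScreenEnabled   # local setting used when no policy applies
    }
}

function Test-MarkOfTheWeb {
    # SmartScreen only evaluates files that carry the Zone.Identifier alternate
    # data stream (Mark of the Web; ZoneId=3 means Internet). A file without it is
    # never shown to SmartScreen at all, which matters when triaging samples.
    param([Parameter(Mandatory)][string]$Path)
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path    = $Path
        HasMotW = [bool]$zone
        ZoneId  = ($zone | Where-Object { $_ -like 'ZoneId=*' }) -replace '^ZoneId=', ''
    }
}

# Usage on the local host:
Test-Cve202421351Build
Get-SmartScreenState

# Worked checks against the table using constructed inputs (no registry access):
Test-Cve202421351Build -Build 19045 -Ubr 4046   # UBR equal to the last vulnerable build for 22H2
Test-Cve202421351Build -Build 19045 -Ubr 4170   # UBR above that threshold
Test-Cve202421351Build -Build 26100 -Ubr 1      # build line absent from the table
```

The build check deliberately treats a UBR equal to the table value as vulnerable, matching the "≤" in Affected Assets. The policy check is there because a patched SmartScreen is irrelevant if EnableSmartScreen is set to 0, and the Mark-of-the-Web check explains the common false sense of coverage: content that arrives without a Zone.Identifier stream (for example extracted from some archive formats) is not subject to SmartScreen in the first place, bypass or no bypass.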

References