CVE-2024-21351
Published: 13 February 2024
Summary
CVE-2024-21351 is a high-severity Code Injection (CWE-94) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.6 (High).
Operationally, it ranks in the top 6.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-3 (Malicious Code Protection).
Deeper analysis
CVE-2024-21351 is a security feature bypass vulnerability in Windows SmartScreen that allows an attacker to circumvent the platform's warnings and reputation checks for potentially malicious downloads or web content. The affected component is the SmartScreen filter integrated into Windows, which normally inspects files and URLs before execution or opening.
An unauthenticated remote attacker can exploit the flaw by serving specially crafted content over the network that triggers the bypass when a user interacts with it, such as by clicking a link or opening a file. Successful exploitation can result in limited disclosure of information, high impact on integrity through execution of attacker-controlled code, and limited availability effects, all without requiring elevated privileges on the target system.
Microsoft's security update guide for CVE-2024-21351 lists the patches that address the bypass condition, and the vulnerability is tracked in the CISA Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The associated EPSS score peaked at 0.1316 and currently stands at 0.1067.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19063
Vulnerability details
Windows SmartScreen Security Feature Bypass Vulnerability
- CWE(s): CWE-94 (Code Injection)
- KEV Date Added: 13 February 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-3 (Malicious Code Protection): SmartScreen is a built-in malicious-code reputation service; SI-3 directly requires implementation and enforcement of such protections to block untrusted content.
- AC-3 (Access Enforcement): The vulnerability bypasses SmartScreen's enforcement decision, so AC-3 ensures the system still applies the intended allow/deny outcome for downloaded or executed objects.
- SI-7 (Software, Firmware, and Information Integrity): SI-7 requires integrity verification of software and information, which can detect or block tampering that leads to a SmartScreen bypass.