CVE CVE

CVE-2024-30040

CISA Known Exploited Vulnerability (KEV)

Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability

May 14, 2024

June 4, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Windows MSHTML Platform Security Feature Bypass Vulnerability

Weakness Enumeration

CWE-ID CWE Name

CWE-20
Improper Input Validation

Known Affected Software Configurations


cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.4046:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2788:*:*:*:*:*:arm64:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2788:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2788:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3693:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3803:*:*:*:*:*:arm64:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3803:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3693:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3803:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3693:*:*:*:*:*:arm64:*

cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.2713:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3930:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2227:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.3007:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.3007:*:*:*:*:*:arm64:*

cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20402:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.643:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.2713:*:*:*:*:*:arm64:*

cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5329:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6614:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5329:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3930:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.25398.643:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3930:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6614:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20402:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007:*:*:*:*:*:arm64:*

cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3930:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20402:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3930:*:*:*:*:*:arm64:*

cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6614:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3930:*:*:*:*:*:arm64:*

cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.531:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.521:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.584:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2113:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1906:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1607:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1607:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1487:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.230:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1607:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2159:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1906:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1368:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2031:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1970:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1970:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2159:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1487:*:*:*:azure:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1368:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1970:*:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249:*:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366:*:*:*:azure:*:x64:*

Details

Source:
NVD
Published:
Updated:

Risk information

CVSS v3

Base score:
8.8
Severity:

HIGH

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2

Not defined