CVE-2024-38217 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability

Exploit added

September 10, 2024

Action due

October 1, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Windows Mark of the Web Security Feature Bypass Vulnerability

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217

Weakness Enumeration

CWE-ID	CWE Name
CWE-693	Protection Mechanism Failure

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7336::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7259::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7159::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7070::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7336::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7515::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7159::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7070::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7428::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6981::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7428::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6800::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7159::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6796::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6796::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6796::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7070::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6796::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6897::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7515::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6981::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7259::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7159::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7259::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6709::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7515::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7336::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6709::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7259::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7336::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6897::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6800::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7515::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7070::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6981::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6981::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.709:::::::*
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.4046::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2788::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2788::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2788::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3803::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3803::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3803::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3693::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3693::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3693::::::arm64:
cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.2713::::::x64:
cpe:2.3:o:microsoft:windows_11_21h2:10.0.22000.2713::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5329::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3930::::::x64:
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6614:::::::*
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.3007::::::arm64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.643:::::::*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5329:::::::*
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007:::::::*
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3930::::::x64:
cpe:2.3:o:microsoft:windows_server_2022:10.0.25398.643:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2227:::::::*
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.3007::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6614::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6614::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3930::::::arm64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20402::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20402::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.3930::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3930::::::x86:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.3007::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.3930::::::arm64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.521::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.531::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.584::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:-::::::x64:
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1487::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1070::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1487::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1366::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1311::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1194::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1249::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1129::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1368::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1006::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1368::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1251::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1131::::azure::x64:*

Details

Source:
NVD

Published:
September 10, 2024

Updated:
September 12, 2024

Risk information

CVSS v3

Base score:
5.4

Severity:

MEDIUM

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CVSS v2

Not defined