Home / Vulnerabilities / CVE-2024-21351
HIGH SEVERITY
CVE-2024-21351Microsoft · Windows

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
7.6 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C
Exploitation Likelihood

EPSS Prediction

13.16 %
Predictive Probability
Percentile Rank
94.1 th

Documented as more likely to be exploited than 94.1% of known CVEs.

Detection Date

Feb 13, 2024

Remediation Due

Mar 05, 2024

CISA Catalog Active

Threat Analysis

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

Remediation Directive

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

External Intelligence

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2024-21351