Sep 2024: Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38217 Published on September 10, 2024
Windows Mark of the Web Security Feature Bypass Vulnerability
Known Exploited Vulnerability
This Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
The following remediation steps are recommended / required by October 1, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Weakness Type
Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Products Associated with CVE-2024-38217
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-38217 are published in these products:
Affected Versions
Microsoft Windows 10 Version 1809:- Version 10.0.17763.0 and below 10.0.17763.6293 is affected.
- Version 10.0.17763.0 and below 10.0.17763.6293 is affected.
- Version 10.0.17763.0 and below 10.0.17763.6293 is affected.
- Version 10.0.20348.0 and below 10.0.20348.2700 is affected.
- Version 10.0.0 and below 10.0.22000.3197 is affected.
- Version 10.0.19043.0 and below 10.0.19044.4894 is affected.
- Version 10.0.22621.0 and below 10.0.22621.4169 is affected.
- Version 10.0.19045.0 and below 10.0.19045.4894 is affected.
- Version 10.0.22631.0 and below 10.0.22631.4169 is affected.
- Version 10.0.22631.0 and below 10.0.22631.4169 is affected.
- Version 10.0.25398.0 and below 10.0.25398.1128 is affected.
- Version 10.0.26100.0 and below 10.0.26100.1742 is affected.
- Version 10.0.10240.0 and below 10.0.10240.20766 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7336 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7336 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7336 is affected.
- Version 6.0.6003.0 and below 6.0.6003.22870 is affected.
- Version 6.0.6003.0 and below 6.0.6003.22870 is affected.
- Version 6.0.6003.0 and below 6.0.6003.22870 is affected.
- Version 6.1.7601.0 and below 6.1.7601.27320 is affected.
- Version 6.1.7601.0 and below 6.1.7601.27320 is affected.
- Version 6.2.9200.0 and below 6.2.9200.25073 is affected.
- Version 6.2.9200.0 and below 6.2.9200.25073 is affected.
- Version 6.3.9600.0 and below 6.3.9600.22175 is affected.
- Version 6.3.9600.0 and below 6.3.9600.22175 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.