CVE-2024-38180

Опубликовано: 13 авг. 2024

Источник: msrc

CVSS3: 8.8

EPSS Низкий

Описание

Windows SmartScreen Security Feature Bypass Vulnerability

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

A user needs to be tricked into running malicious files.

How could an attacker exploit this vulnerability?

To exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown.

Windows 11, version 24H2 is not generally available yet. Why are there updates for this version of Windows listed in the Security Updates table?

The new Copilot+ devices that are now publicly available come with Windows 11, version 24H2 installed. Customers with these devices need to know about any vulnerabilities that affect their machine and to install the updates if they are not receiving automatic updates. Note that the general availability date for Windows 11, version 24H2 is scheduled for later this year.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5041850 5041847	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5041850 5041847	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5041850 5041847	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5041838 5041823	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5041838 5041823	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5041850 5041847	Monthly Rollup Security Only
Windows Server 2012	5041851	Monthly Rollup
Windows Server 2012 (Server Core installation)	5041851	Monthly Rollup
Windows Server 2012 R2	5041828	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5041828	Monthly Rollup

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 90%

0.05553

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2024-38180

CVSS3: 8.8

nvd

10 месяцев назад

Windows SmartScreen Security Feature Bypass Vulnerability

GHSA-fpq3-933h-fgw6

CVSS3: 8.8

github

10 месяцев назад

Windows SmartScreen Security Feature Bypass Vulnerability

BDU:2024-06429

CVSS3: 8.8

fstec

10 месяцев назад

Уязвимость функции безопасности Windows SmartScreen операционных систем Windows, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 90%

0.05553

Низкий

8.8 High

CVSS3