Windows SmartScreen Security Feature Bypass Vulnerability - 20230315003

Overview

Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. CVE-2023-24880 Security Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880

What is the vulnerability?

CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

What is vulnerable?

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

What has been observed?

CISA has listed this vulnerabilty in their Known Exploited Vulnerabilties catalog.

Recommendation

Apply updates per vendor instructions.

Due date : 2023-04-04.