KEV · Actively exploited
CVE-2024-21412
HIGH 8.1
KEV
Internet Shortcut Files Security Feature Bypass Vulnerability
EPSS
93.79%
exploit likely
percentile 99.9%
CISA Known Exploited Vulnerability
- Added to KEV
- 2024-02-13
- Remediation deadline
- 2024-03-05
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Ransomware
- Yes, known ransomware campaign
OS versions that fix this CVE
This CVE is resolved by the following OS security releases. Update the OS to at least the listed version.
- Windows Fixed in Windows Server 2022 (Server Core installation) 10.0.20348.2322 Windows Server 2022 10.0.25398.709 Windows Server 2019 (Server Core installation) 10.0.17763.5458 Windows Server 2019 10.0.17763.5458 Windows 11 23H2 · 2023-H2 10.0.22631.3155 Windows 11 22H2 · 2022-H2 10.0.22621.3155 Windows 11 21H2 · 2021-H2 10.0.22000.2777 Windows 10 22H2 · 2022-H2 10.0.19045.4046 Windows 10 21H2 · 2021-H2 10.0.19044.4046 Windows 10 1809 · 2018-09 10.0.17763.5458