KEV · Actively exploited
CVE-2024-38217
HIGH 5.4
Windows Mark of the Web Security Feature Bypass Vulnerability
EPSS: 13.77% (moderate exploit risk, percentile 94.4%)
CISA Known Exploited Vulnerability
- Added to KEV: 2024-09-10
- Remediation deadline: 2024-10-01
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Ransomware: No
OS versions that fix this CVE
This CVE is resolved by the following OS security releases. Update the OS to at least the listed version.
- Windows, fixed in:
  - Windows Server 2022 (Server Core installation): 10.0.20348.2700
  - Windows Server 2022: 10.0.25398.1128
  - Windows Server 2019 (Server Core installation): 10.0.17763.6293
  - Windows Server 2019: 10.0.17763.6293
  - Windows Server 2016 (Server Core installation): 10.0.14393.7336
  - Windows Server 2016: 10.0.14393.7336
  - Windows 11 24H2 · 2024-H2: 10.0.26100.1742
  - Windows 11 23H2 · 2023-H2: 10.0.22631.4169
  - Windows 11 22H2 · 2022-H2: 10.0.22621.4169
  - Windows 11 21H2 · 2021-H2: 10.0.22000.3197
  - Windows 10 22H2 · 2022-H2: 10.0.19045.4894
  - Windows 10 21H2 · 2021-H2: 10.0.19044.4894
  - Windows 10 1809 · 2018-09: 10.0.17763.6293
  - Windows 10 1607 · 2016-07: 10.0.14393.7336