- Description
- Windows Mark of the Web Security Feature Bypass Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
- Exploit added on
- Nov 16, 2023
- Exploit action due
- Dec 7, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "B344BCCF-1083-4E59-81CB-9431AE5FB79F",
"versionEndExcluding": "10.0.10240.20232"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "7B7A6BBD-847F-492D-8C7F-F262E03F9CA3",
"versionEndExcluding": "10.0.10240.20232"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "C57AC4FD-7539-48D3-9AAB-BA623468C5D8",
"versionEndExcluding": "10.0.17763.4974"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "15F303BE-3B6E-4B91-99A8-3D0135040C0F",
"versionEndExcluding": "10.0.17763.4974"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "C38DBDD3-BC41-4791-9754-2826E3F0698D",
"versionEndExcluding": "10.0.17763.4974"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "C86C5206-DD71-4841-90A0-96411C35E925",
"versionEndExcluding": "10.0.19041.3570"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2EBC5E25-7B8A-4A8F-9C0A-2DF0A89A2492",
"versionEndExcluding": "10.0.19041.3570"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "6E3DB4A4-5176-474D-983D-3A4C093D771A",
"versionEndExcluding": "10.0.19041.3570"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "59FCD1EC-7EB7-4657-AA26-2C2A934D4AE0",
"versionEndExcluding": "10.0.19041.3570"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6DB083DC-04FF-47F0-800A-971E9DE2E62F",
"versionEndExcluding": "10.0.19041.3570"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "CECCEB88-1DC3-4242-928E-CCF6B8F8B380",
"versionEndExcluding": "10.0.19041.3570"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "1C37B834-9B0E-45C0-B771-B529420EEDE1",
"versionEndExcluding": "10.0.22000.2538"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "E8F6D36B-0B5A-4F96-816F-6435A1BDDBF7",
"versionEndExcluding": "10.0.22000.2538"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "2B42E21D-CF02-46FF-8759-B572EC8BBE3F",
"versionEndExcluding": "10.0.22621.2428"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "9FC8F0D2-B3D5-48A1-ADF8-8D36D86E0F72",
"versionEndExcluding": "10.0.22621.2428"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "041093C8-E6AC-4395-A292-9CE052E95A66",
"versionEndExcluding": "10.0.14393.6351"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C791E277-E6EC-41CB-8E0E-5A7C01E0FFEB",
"versionEndExcluding": "10.0.17763.4974"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31624F81-B04F-4EA1-B4C1-882A9230E91D",
"versionEndExcluding": "10.0.20348.2031"
}
],
"operator": "OR"
}
]
}
]