- Description: Windows Themes Spoofing Vulnerability
- Source: secure@microsoft.com
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 6.5
- Impact score: 3.6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- Severity: MEDIUM
- secure@microsoft.com: CWE-200
- nvd@nist.gov: NVD-CWE-noinfo
- Hype score: Not currently trending
⚠️ Another Free CVE Challenge: Windows Theme Spoofing We always try our best to prepare REAL-WORLD cases for you! CVE: CVE-2024-21320 Role: DFIR Difficulty: Hard https://t.co/LDCIrxJHoL
@LetsDefendIO
10 Jan 2025
Actively exploited CVE : CVE-2024-21320
@transilienceai
6 Nov 2024
Microsoft released the necessary patch for the vulnerability identified as CVE-2024-21320, but after some time it became clear that this patch could also be bypassed. For that reason, it issued the new identifier CVE-2024-38030 for that patch, which was itself in a sense vulnerable, and provided a new patch. https://t.co/Y2P1U3epiq https:/
@AmirHossein_sec
5 Nov 2024
🚨 Windows Themes Zero-Day Alert 🚨 🛠️ Unofficial patch out for a new Windows Themes bug that leaks NTLM credentials just by viewing malicious theme files ⚠️ Mitigate Now: Use 0patch or follow Microsoft’s NTLM blocking guidance (CVE-2024-21320) until an official fix is release
@shaharia_munna
31 Oct 2024
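0patch is providing an unofficial patch for a zero-day vulnerability in Windows Themes. The vulnerability has no CVE assigned yet and was discovered by ACROS Security while it was developing a micropatch for CVE-2024-38030, which can bypass CVE-2024-21320. NTLM credentials may be stolen. https://t.co/bLDX6xMvLU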
@__kokumoto
30 Oct 2024
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F40B0037-2EF9-4172-BD2B-C5D046426DC9",
"versionEndExcluding": "10.0.10240.20402"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1642CC8D-1521-46D9-AE2A-7CD9BCE30565",
"versionEndExcluding": "10.0.14393.6614"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB2C6F0A-4519-43AE-A36D-39F968FF3DCD",
"versionEndExcluding": "10.0.17763.5329"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26D9519C-EC1F-48D1-89F5-2DCBF84C8251",
"versionEndExcluding": "10.0.19044.3930"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9B6C6A0-6A10-4A8B-9DF2-D00CE5F863BD",
"versionEndExcluding": "10.0.19045.3930"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "290AE500-245E-4C97-953C-05D679164894",
"versionEndExcluding": "10.0.22000.2713"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8145E3A1-AA48-49CD-A391-8BA9F3860316",
"versionEndExcluding": "10.0.22621.3007"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "04D7A1EA-2E86-4600-A7B8-DAA5ACABE8D0",
"versionEndExcluding": "10.0.22631.3007"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8F92AA0-D568-4DD8-B50E-29F3561F81AB",
"versionEndExcluding": "10.0.14393.6614"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51DCD313-6848-46DD-B4C6-DA2A8F6291CD",
"versionEndExcluding": "10.0.17763.5329"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13224366-AD63-4CAD-85D1-F9599CFE1B14",
"versionEndExcluding": "10.0.20348.2227"
}
],
"operator": "OR"
}
]
}
]