AI description
CVE-2024-38213, also known as Copy2Pwn, is a zero-day vulnerability that allows attackers to bypass the Mark of the Web (MotW) security feature in Windows. MotW normally flags files downloaded from the internet or copied from specific network locations, so that the operating system handles them with extra caution. This vulnerability lets files copied from WebDAV shares bypass that check, making them appear as if they originated locally. Malicious code can then run, because the security measures that rely on MotW, such as Windows Defender SmartScreen and Office Protected View, are effectively neutralized.

This vulnerability was discovered in August 2024 and was actively exploited before a patch was available. It affects how Windows handles files copied from WebDAV, a type of web-based file-sharing service. Even though security warnings are shown when files are dragged and dropped from a network folder, the MotW flag is not applied, leaving systems vulnerable. The exploit has been used in targeted email campaigns and other attacks to deliver malware and steal sensitive data. While Microsoft released a patch in July 2024, subsequent analysis revealed flaws in the initial fix, highlighting the ongoing challenge of addressing such vulnerabilities.
- Description: Windows Mark of the Web Security Feature Bypass Vulnerability
- Source: secure@microsoft.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 6.5
- Impact score: 3.6
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- Severity: MEDIUM
Data from CISA
- Vulnerability name: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
- Exploit added on: Aug 13, 2024
- Exploit action due: Sep 3, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- nvd@nist.gov: NVD-CWE-noinfo
- secure@microsoft.com: CWE-693
- Hype score: Not currently trending
Analysis of a Flaw in Microsoft's Patch for "copy2pwn" (CVE-2024-38213) https://t.co/ZiiKscTJPT https://t.co/Ese2DnQFE7
@0patch
13 Feb 2025
Zero-day threats like CVE-2024-38213 are evolving. Discover how CimTrak's integrity monitoring can help you detect and defend against these elusive vulnerabilities. Read more to stay informed and prepared. 🔒⬇️ https://t.co/DAXV4pwQza #zerodayattack #CVE2024 #cybersecurity
@cimtrak
5 Jan 2025
Zero-day threats like CVE-2024-38213 are evolving. Discover how CimTrak's integrity monitoring can help you detect and defend against these elusive vulnerabilities. Read more to stay informed and prepared. 🔒⬇️ https://t.co/PwjiW3nzj4 #zerodayattack #CVE2024 #cybersecurity
@cimtrak
8 Dec 2024
#OpenDir #WebDav #Malware msc4dfl1ed7eb485ad6ahelixpflanzen[.]de:5515 Final payload is unknown right now. The .HTML file leading there: https://t.co/ux6ZeOd8Nh Seems to exploit CVE-2024-38213. The LNK launches the porderx.vbs which calls onzau.bat which is ??? https://t.co/q
@SecurityAura
7 Dec 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF7733FD-F870-4578-A567-9900AD6C78E3",
            "versionEndExcluding": "10.0.10240.20680"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D96DA51E-404E-49AE-B852-56FF8A1CEEA6",
            "versionEndExcluding": "10.0.14393.7070"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B52F95E-6080-46C6-B4B6-E2B3F3E78456",
            "versionEndExcluding": "10.0.17763.5936"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CEAF689-E8DB-4D3C-BC2E-B386BC077BC5",
            "versionEndExcluding": "10.0.19044.4529"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "970F54FC-F4ED-49B9-BE94-96B7212FD149",
            "versionEndExcluding": "10.0.19045.4529"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84ECD6C0-8C47-4D2F-82B5-4F8C0BBC5FEE",
            "versionEndExcluding": "10.0.22000.3019"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E80DF17-1F27-474E-B147-9F5B6C494300",
            "versionEndExcluding": "10.0.22621.3737"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4258468C-56CC-45C0-B510-FC833E942876",
            "versionEndExcluding": "10.0.22631.3737"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48EA2B6D-D604-4548-88E9-4FE312C8CCA5",
            "versionEndExcluding": "6.2.9200.24919"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA61AAF0-D769-4287-AA5C-EFDAD067E9F1",
            "versionEndExcluding": "10.0.14393.7070"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12F9D974-A968-4CBB-81D8-C73B76DD284A",
            "versionEndExcluding": "10.0.17763.5936"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "498A643B-0180-4AD3-BD7C-5E3CEB0FD112",
            "versionEndExcluding": "10.0.20348.2522"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EA59E2D-57B2-4E8B-937A-3EB51A3AD285",
            "versionEndExcluding": "10.0.25398.950"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]