Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Summary
| CVE | CVE-2024-21351 |
|---|---|
| State | PUBLISHED |
| Assigner | Unknown |
| Source Priority | Enrichment-only fallback |
| Published | 2024-02-13 00:00:00 UTC |
| Updated | 2026-04-02 17:47:12 UTC |
| Description | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. |
Risk And Classification
EPSS: 0.131590000 probability, percentile 0.941000000 (date 2026-04-03)
CISA KEV: Listed on 2024-02-13; due 2024-03-05; ransomware use Unknown
CISA Known Exploited Vulnerability
| Vendor | Microsoft |
|---|---|
| Product | Windows |
| Name | Microsoft Windows SmartScreen Security Feature Bypass Vulnerability |
| Required Action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Notes | https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351; https://nvd.nist.gov/vuln/detail/CVE-2024-21351 |
There are no known software configurations currently associated with this CVE in NVD or the CVE Program record.
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 92111 Microsoft Windows Security Update for February 2024