Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability

CVE	CVE-2024-21412
State	PUBLISHED
Assigner	Unknown
Source Priority	Enrichment-only fallback
Published	2024-02-13 00:00:00 UTC
Updated	2026-04-02 17:47:12 UTC
Description	Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.

EPSS: 0.937850000 probability, percentile 0.998560000 (date 2026-04-03)

CISA KEV: Listed on 2024-02-13; due 2024-03-05; ransomware use Known

Vendor	Microsoft
Product	Windows
Name	Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
Required Action	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21412; https://nvd.nist.gov/vuln/detail/CVE-2024-21412

There are no known software configurations currently associated with this CVE in NVD or the CVE Program record.

Reference	Source	Link	Tags
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.