Security

Mitigation Instructions for Microsoft Windows CVE-2024-21351

Written by CyRisk Vulnerability Management Team | Mar 8, 2024 7:50:34 PM

SUBJECT: Mitigate Microsoft Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2024-21351)

TECH STACK:  Microsoft Windows (all supported versions)

DATE(S) ISSUED:  02/13/2024

NVD Last Modified: 02/14/2024

CRITICALITY: 7.6 HIGH -Microsoft considers this vulnerability actively exploited.

OVERVIEW: 

This document outlines mitigation steps to address a vulnerability (CVE-2024-21351) in Microsoft Windows that allows attackers to bypass the SmartScreen security feature. This could potentially allow malicious software to be installed or executed on your system.

MITIGATION INSTRUCTIONS:

1. Install Security Updates:

  • This is the recommended and most effective mitigation.
  • Apply the latest security updates from Microsoft as soon as possible. These updates are expected to address this vulnerability. You can check for updates through Windows Update or the Microsoft Security Response Center (MSRC) website:

2. Exercise Caution When Downloading Files:

  • Be cautious when downloading files from the internet, especially from untrusted sources.
  • Only download files from websites you trust and verify the file's authenticity before opening it.

3. Use a Reputable Antivirus and Anti-Malware Solution:

  • Keep your antivirus and anti-malware software up to date to help protect your system from known threats.

4. Disable Macros in Office Documents (Optional):

  • Disabling macros in Office documents can help to prevent them from being used to exploit vulnerabilities. However, this may also prevent legitimate macros from running.

CONFIRMATION AND ADDITIONAL INFORMATION

  • Monitor Microsoft Security Response Center (MSRC) for updates and patches: Consider deploying additional security measures like application whitelisting and user education.