CVE-2023-24880
MEDIUM KEV RANSOMWARE
Windows SmartScreen - Privilege Escalation
Title source: llm
Exploitation Summary
CVE-2023-24880 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 14, 2023, with confirmed use in ransomware campaigns.
Description
Windows SmartScreen Security Feature Bypass Vulnerability
References (2)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-24880
Patch, Vendor Advisory vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880
Scores
CVSS v3
4.4
EPSS
0.7464
EPSS Percentile
98.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2023-03-14
VulnCheck KEV
2023-03-14
InTheWild.io
2023-03-14
ENISA EUVD
EUVD-2023-28870
Ransomware Use
Confirmed
CWE
CWE-863
Status
published
Products (10)
microsoft/windows_10_1607
< 10.0.14393.5786
microsoft/windows_10_1809
< 10.0.17763.4131
microsoft/windows_10_20h2
< 10.0.19042.2728
microsoft/windows_10_21h2
< 10.0.19044.2728
microsoft/windows_10_22h2
< 10.0.19045.2728
microsoft/windows_11_21h2
< 10.0.22000.1696
microsoft/windows_11_22h2
< 10.0.22000.1413
microsoft/windows_server_2016
< 10.0.14393.5786
microsoft/windows_server_2019
< 10.0.17763.4131
microsoft/windows_server_2022
< 10.0.20348.1602
Published
Mar 14, 2023
KEV Added
Mar 14, 2023
Tracked Since
Feb 18, 2026