Windows MSHTML Platform Spoofing Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HMicrosoft Windows 10 1507
OSMicrosoft< 10.0.10240.20766Microsoft Windows 10 1607
OSMicrosoft< 10.0.14393.7336Microsoft Windows 10 1809
OSMicrosoft< 10.0.17763.6293Microsoft Windows 10 21h2
OSMicrosoft< 10.0.19044.4894Microsoft Windows 10 22h2
OSMicrosoft< 10.0.19045.4894Microsoft Windows 11 21h2
OSMicrosoft< 10.0.22000.3197Microsoft Windows 11 22h2
OSMicrosoft< 10.0.22621.4169Microsoft Windows 11 23h2
OSMicrosoft< 10.0.22621.4169< 10.0.22631.4169Microsoft Windows 11 24h2
OSMicrosoft< 10.0.26100.1742Microsoft Windows Server 2008
OSMicrosoftr2Microsoft Windows Server 2012
OSMicrosoftr2Microsoft Windows Server 2016
OSMicrosoft< 10.0.14393.7336Microsoft Windows Server 2019
OSMicrosoft< 10.0.17763.6293Microsoft Windows Server 2022
OSMicrosoft< 10.0.20348.2700Microsoft Windows Server 2022 23h2
OSMicrosoft< 10.0.25398.1128
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Windows
- Added to KEVi
- September 16, 2024
- Remediation deadline (US Federal)i
- October 7, 2024(overdue)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.
Related vulnerabilities
RCE w Windows Server Update Service (WSUS) — deserializacja danych
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services wh...