Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Windows Mark of the Web Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
Windows Mark of the Web Security Feature Bypass Vulnerability
Windows MSHTML Platform Security Feature Bypass Vulnerability
Windows HTML Platforms Security Feature Bypass Vulnerability
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Windows SmartScreen Security Feature Bypass Vulnerability
Windows Mark of the Web Security Feature Bypass Vulnerability
Windows Mark of the Web Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Low)
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Microsoft Office Security Feature Bypass Vulnerability
Windows MapUrlToZone Denial of Service Vulnerability
Windows Remote Desktop Security Feature Bypass Vulnerability
Microsoft Office Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a 'FileAttribRef' qualifier (such as file name or version) may not be blocked, whether hypervisor-protected code integrity (HVCI) is enabled or not. NOTE: The vendor disputes this CVE ID assignment and states that the driver blocklist is intended for use with HVCI.
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5619.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportData XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5757.
Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Code Integrity Guard Security Feature Bypass Vulnerability
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Windows Scripting Engine Security Feature Bypass Vulnerability
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)