IRONSMITHINTEL
MEDIUMCVSS5.4
|
Actively Exploited
|CISA KEV|CVE-2024-38217|Auth: none — unauthenticated|Reboot: required|Manual only

KB5042880: Windows Server Security Update (September 2024)

Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

Published Sep 10, 2024 · Updated May 16, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve partial data exposure, partial data tampering, partial service disruption. Federal agencies are required to remediate by 2024-10-01 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Software Vulnerability (CWE-693) (CWE-693) vulnerability in Microsoft Windows. Windows Mark of the Web Security Feature Bypass Vulnerability Exploitation requires remote network access, low attack complexity, no authentication required, and user interaction required.

📧

Phishing link

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

Windows Administrators
Systems Engineers
IT Security
Running windows 10 1507: v < 10.0.10240.20766; windows 10 1607: v < 10.0.14393.7336; windows 10 1809: v < 10.0.17763.6293; windows 10 21h2: v < 10.0.19044.4894; windows 10 22h2: v < 10.0.19045.4894; windows 11 21h2: v < 10.0.22000.3197; windows 11 22h2: v < 10.0.22621.4169; windows 11 23h2: v < 10.0.22631.4169; windows 11 24h2: v < 10.0.26100.1742; windows server 2008: -, r2; windows server 2012: -, r2; windows server 2016: v < 10.0.14393.7336; windows server 2019: v < 10.0.17763.6293; windows server 2022: v < 10.0.20348.2700; windows server 2022 23h2: v < 10.0.25398.1128
Fixed inKB5042880, KB5042881, KB5043050, KB5043051, KB5043055, KB5043064, KB5043067, KB5043076, KB5043080, KB5043083, KB5043087, KB5043092, KB5043125, KB5043129, KB5043135, KB5043138 (applies to 37 product versions) — build 10.0.10240.20766, 10.0.14393.7336+
Real-world incidentsWhat we've seen

Active exploitation documented in the wild. Threat-research write-up: https://www.elastic.co/security-labs/dismantling-smart-app-control

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

↗ Microsoft Update CatalogKB5042880

Manual remediation steps

Apply the Microsoft Security Update

Microsoft has released an official security update that fixes this vulnerability.

Required KB Updates

    1
    KB5042880 — https://support.microsoft.com/help/5042880
    1
    KB5042881 — https://support.microsoft.com/help/5042881
    1
    KB5043050 — https://support.microsoft.com/help/5043050
    1
    KB5043051 — https://support.microsoft.com/help/5043051
    1
    KB5043055 — https://support.microsoft.com/help/5043055
    1
    KB5043064 — https://support.microsoft.com/help/5043064
    1
    KB5043067 — https://support.microsoft.com/help/5043067
    1
    KB5043076 — https://support.microsoft.com/help/5043076
    1
    KB5043080 — https://support.microsoft.com/help/5043080
    1
    KB5043083 — https://support.microsoft.com/help/5043083
    1
    KB5043087 — https://support.microsoft.com/help/5043087
    1
    KB5043092 — https://support.microsoft.com/help/5043092
    1
    KB5043125 — https://support.microsoft.com/help/5043125
    1
    KB5043129 — https://support.microsoft.com/help/5043129
    1
    KB5043135 — https://support.microsoft.com/help/5043135
    1
    KB5043138 — https://support.microsoft.com/help/5043138

Supersedes: KB5041160, KB5041573, KB5041578, KB5041580, KB5041585, KB5041592, KB5041773, KB5041782, KB5041828, KB5041838, KB5041850, KB5041851

Affected Products

    1
    Windows 10 Version 1607 for 32-bit Systems
    1
    Windows 10 Version 1607 for x64-based Systems
    1
    Windows 10 Version 1809 for 32-bit Systems
    1
    Windows 10 Version 1809 for x64-based Systems
    1
    Windows 10 Version 21H2 for 32-bit Systems
    1
    Windows 10 Version 21H2 for ARM64-based Systems
    1
    Windows 10 Version 21H2 for x64-based Systems
    1
    Windows 10 Version 22H2 for 32-bit Systems
    1
    Windows 10 Version 22H2 for ARM64-based Systems
    1
    Windows 10 Version 22H2 for x64-based Systems
    1
    Windows 10 for 32-bit Systems
    1
    Windows 10 for x64-based Systems
    1
    Windows 11 Version 22H2 for ARM64-based Systems
    1
    Windows 11 Version 22H2 for x64-based Systems
    1
    Windows 11 Version 23H2 for ARM64-based Systems
    1
    Windows 11 Version 23H2 for x64-based Systems
    1
    Windows 11 Version 24H2 for ARM64-based Systems
    1
    Windows 11 Version 24H2 for x64-based Systems
    1
    Windows 11 version 21H2 for ARM64-based Systems
    1
    Windows 11 version 21H2 for x64-based Systems
    1
    (…17 more product versions)

Fixed Build Numbers

    1
    10.0.10240.20766
    1
    10.0.14393.7336
    1
    10.0.17763.6293
    1
    10.0.19044.4894
    1
    10.0.19045.4894
    1
    10.0.20348.2695
    1
    10.0.20348.2700
    1
    10.0.22000.3197
    1
    10.0.22621.4169
    1
    10.0.22631.4169
    1
    (…6 more builds)

Installation Methods

Windows Update (recommended)

1
Settings → Windows Update → Check for updates
2
The security update is offered if your system is in scope
3
Restart when prompted — a reboot IS required to complete the install

Microsoft Update Catalog (manual download)

1
Open https://catalog.update.microsoft.com
2
Search for KB5042880
3
Download the package matching your OS architecture and Windows build
4
Run the .msu installer with administrator privileges
5
Restart when prompted

WSUS / SCCM / Intune

Approve KB5042880 for the affected products in your update management console.

Microsoft Download Center Links

    1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5042880
    1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5042881
    1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043050
    1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043051
    1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5043055
    1
    (…11 more)

Verification

Confirm the update is installed:

Get-HotFix | Where-Object { $_.HotFixID -in @('KB5042880','KB5042881','KB5043050','KB5043051','KB5043055','KB5043064','KB5043067','KB5043076','KB5043080','KB5043083','KB5043087','KB5043092','KB5043125','KB5043129','KB5043135','KB5043138') }

References

    1
    Microsoft Security Response Center: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217
    1
    KB article: https://support.microsoft.com/help/5042881
    1
    KB article: https://support.microsoft.com/help/5043050
    1
    KB article: https://support.microsoft.com/help/5043051
    1
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-38217
    1
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38217

Discovery Credit

Joe Desimone with Elastic Security

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2024-38217MSRC AdvisoryNVDKBKB5042880