Microsoft Patch for CVE-2024-38213 Found Ineffective
/ 1 min read
💻🩹 Microsoft’s Patch for CVE-2024-38213 Fails to Address Vulnerability. A critical flaw in Microsoft’s patch for CVE-2024-38213, which affects file transfers from WebDAV shared folders, has been identified by security researchers. The vulnerability allows files to bypass the Mark of the Web (MotW) security feature, leading to potential exploitation by malicious actors. Despite a patch released in July 2024, analysis revealed that it did not function as intended, leaving many Windows versions still vulnerable. A subsequent review pinpointed a coding error in the patch that caused the MotW logic to be skipped. Microsoft has since corrected this issue in a later update, while 0patch has developed a micropatch for unsupported legacy systems to mitigate the risk.
