CVE-2024-43487: 
vulnerability analysis and mitigation

A Windows Mark of the Web (MotW) Security Feature Bypass Vulnerability has been identified and tracked as CVE-2024-43487. The vulnerability was discovered and reported to Microsoft, with the initial CVE record being created on August 14, 2024, and publicly disclosed on September 10, 2024. This security issue affects multiple versions of Microsoft Windows, including Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2) and Windows Server (2012, 2012 R2, 2016, 2019) (NIST NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, requires user interaction, and can result in high impact to integrity while having no impact on confidentiality or availability. The vulnerability has been classified under CWE-693 (Protection Mechanism Failure) (NIST NVD).

The vulnerability could allow an attacker to bypass the Windows Mark of the Web security feature, which is designed to identify files that have been downloaded from the internet. A successful exploit could lead to high integrity impact on affected systems (Rapid7).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB articles including KB5043083 (Windows 10 1507), KB5043051 (Windows 10 1607), KB5043050 (Windows 10 1809), KB5043064 (Windows 10 21H2/22H2), KB5043125 (Windows Server 2012), KB5043138 (Windows Server 2012 R2), and corresponding updates for other affected versions (Rapid7).