CVE-2024-43645: 
vulnerability analysis and mitigation

Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability was identified and assigned CVE-2024-43645. The vulnerability was initially reported on November 12, 2024, and affects various versions of Microsoft Windows systems including Windows 10 and Windows Server installations (NVD, CVE).

The vulnerability has received multiple CVSS severity assessments. According to the NVD, it has a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Microsoft Corporation assessed it with a Base Score of 6.7 (MEDIUM) and vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-693 (Protection Mechanism Failure) (NVD).

The vulnerability affects multiple versions of Microsoft Windows systems, including Windows 10 version 1507, 1607, 1809, and corresponding Windows Server versions. If exploited, the vulnerability could lead to a security feature bypass in Windows Defender Application Control (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5046665 for Windows 10 1507, KB5046612 for Windows 10 1607 and Windows Server 2016, and KB5046615 for Windows 10 1809 and Windows Server 2019 (Rapid7).