CVE-2024-26185: CWE-73: External Control of File Name or Path in Microsoft Windows 11 version 22H2

Medium
Tags: Vulnerability, CVE, CVE-2024-26185, CWE-73
Published: Tue Mar 12 2024 (03/12/2024, 16:58:13 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 11 version 22H2

Description

Windows Compressed Folder Tampering Vulnerability

AI-Powered Analysis

Last updated: 06/26/2025, 06:43:45 UTC

Technical Analysis

CVE-2024-26185 is a vulnerability in Microsoft Windows 11 version 22H2 (build 10.0.22621.0) classified under CWE-73, External Control of File Name or Path. It affects the operating system's handling of compressed folders (ZIP archives). An attacker can craft an archive whose entry names or paths are used by Windows during viewing or extraction without sufficient validation, so that the archive, rather than the user or the operating system, determines which file names or locations are written to. The page does not document the exact mechanism; the CWE-73 classification and the title "Compressed Folder Tampering" indicate that attacker-supplied names inside the archive influence file names or paths on the victim's system, resulting in unauthorized modification of files, i.e. an integrity violation.

The CVSS v3.1 base score is 6.5 (medium). The vector requires no privileges (PR:N) but does require user interaction (UI:R), such as opening or extracting a malicious compressed folder. The attack vector is network (AV:N): the archive can be delivered by email, download, or any other network channel. Scope is unchanged (S:U), so the impact stays within the security authority of the vulnerable component. The impact is high on integrity (I:H) with no direct confidentiality or availability impact (C:N, A:N).

No exploitation in the wild has been reported. The data on this page does not link a specific update; consult the Microsoft Security Update Guide entry for CVE-2024-26185 for the applicable update. By controlling the extraction path, an attacker could overwrite or tamper with files the victim's account can write to. If those files are configuration files, scripts, or application components that are later loaded or executed, the tampering could become a stepping stone to persistence, code execution, or privilege escalation, although the CVSS vector itself rates only the direct integrity impact. Because the user must open the archive, fully automated exploitation is limited. The vulnerability is nonetheless significant given the wide deployment of Windows 11 22H2 and how routinely compressed folders are used for file transfer and storage.

Potential Impact

For European organizations, this vulnerability poses a moderate risk, primarily to the integrity of systems running Windows 11 version 22H2. An attacker could use it to modify or replace files the targeted user can write to, including configuration files, scripts, and application components, potentially disrupting business operations or enabling follow-on activity such as persistence or privilege escalation. Sectors with heavy reliance on Windows 11, such as finance, healthcare, and government, could face targeted attempts, most plausibly phishing campaigns carrying malicious compressed folders. Because user interaction is required, social engineering remains the deciding factor in successful exploitation. Confidentiality and availability are not directly affected according to the CVSS vector, but tampering with system or application files could indirectly affect availability. With no known exploitation in the wild, immediate widespread impact is unlikely, but the vulnerability should be remediated promptly. Organizations with large remote workforces or high email volumes are particularly exposed to network-delivered malicious archives.

Mitigation Recommendations

- Deploy the Microsoft security update that addresses CVE-2024-26185 as a priority; check the Microsoft Security Update Guide for the applicable update. This is the only measure that removes the flaw; everything below reduces exposure or impact.
- Implement strict email filtering and attachment scanning so that compressed folders with unsafe entry names (parent-directory traversal, absolute or drive-letter paths, NTFS alternate data streams, reserved device names) are blocked before they reach end users.
- Educate users not to open compressed folders from untrusted or unexpected sources, emphasizing that the danger is not only the files inside the archive but where extraction may write them.
- Use endpoint protection capable of detecting anomalous extraction behaviour, in particular writes to locations outside the directory the user chose, and unauthorized modification of existing files.
- Apply application control (allow-listing) so that a tampered or newly written file cannot simply be executed, and restrict write access to critical system and application files to limit the impact of tampering.
- Enable file integrity monitoring, or Windows object access auditing, on critical endpoints to detect unauthorized changes promptly.
- Deploy network segmentation to limit lateral movement from a compromised workstation.
- Use Microsoft Defender Attack Surface Reduction rules (part of Exploit Guard), for example "Block executable content from email client and webmail", to reduce the chance that content delivered in an archive is executed.
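The CWE-73 pattern described in the technical analysis, and the attachment-scanning and extraction-hardening recommendations above, can be made concrete with the following Python script. It is an added example, not Microsoft's code and not a reproduction of CVE-2024-26185 (the page does not document the exact mechanism). It classifies ZIP entry names that would let the archive, rather than the user, decide where content lands on a Windows system (parent-directory traversal, absolute or drive-letter paths, NTFS alternate data streams, reserved device names, trailing dots or spaces, forbidden characters), and shows a hardened extractor that writes only entries whose validated path resolves under the chosen destination. The sample archive, its entry names, and all function names are constructed for the example.

```python
import io
import pathlib
import re
import tempfile
import zipfile

# Device names Windows reserves regardless of extension ("CON.txt" still targets CON).
WINDOWS_RESERVED = ({"CON", "PRN", "AUX", "NUL"}
                    | {f"COM{i}" for i in range(1, 10)}
                    | {f"LPT{i}" for i in range(1, 10)})
DRIVE_LETTER = re.compile(r"^[A-Za-z]:")

# Fixed verdict strings so callers can match on them.
OK = "ok"
ABSOLUTE = "absolute or drive-letter path"
TRAVERSAL = "parent directory traversal"
ADS = "NTFS alternate data stream in name"
RESERVED = "reserved device name"
TRAILING = "trailing dot or space (silently stripped by Windows)"
BADCHAR = "character not allowed in Windows file names"


def classify_entry(name: str) -> str:
    """Return OK, or the reason an archive entry name must not be used as a path.

    Names are judged as a Windows extractor would interpret them: both separators
    count, a leading slash or drive letter makes the path absolute, and a colon
    inside a component selects an NTFS alternate data stream.
    """
    unified = name.replace("\\", "/")
    if unified.startswith("/") or DRIVE_LETTER.match(unified):
        return ABSOLUTE
    parts = [p for p in unified.split("/") if p not in ("", ".")]
    if not parts:
        return "empty name"
    for part in parts:
        if part == "..":
            return TRAVERSAL
        if ":" in part:
            return ADS
        if part.upper().split(".")[0] in WINDOWS_RESERVED:
            return RESERVED
        if part != part.rstrip(". "):
            return TRAILING
        if any(ord(ch) < 32 or ch in '<>"|?*' for ch in part):
            return BADCHAR
    return OK


def safe_extract(zip_bytes: bytes, dest: str) -> dict:
    """Extract only entries whose validated name resolves under dest.

    Returns {"extracted": [names], "rejected": ["name: reason", ...]}.
    ZipFile.extract() is deliberately not used because it applies its own
    sanitising; here classify_entry() plus the containment check are the guard.
    """
    root = pathlib.Path(dest).resolve()
    result = {"extracted": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            verdict = classify_entry(info.filename)
            if verdict != OK:
                result["rejected"].append(f"{info.filename}: {verdict}")
                continue
            target = root.joinpath(*info.filename.replace("\\", "/").split("/"))
            resolved = target.resolve()
            # Containment check on the resolved path catches anything the lexical
            # checks missed, e.g. a component that resolves through a symlink.
            if resolved != root and root not in resolved.parents:
                result["rejected"].append(f"{info.filename}: resolves outside destination")
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))  # regular files only, never symlinks
            result["extracted"].append(info.filename)
    return result


def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry plus hostile names (not a CVE PoC)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/summary.txt", "quarterly numbers")
        zf.writestr("../../Users/Public/startup.cmd", "calc")
        zf.writestr("..\\..\\evil.dll", "MZ")
        zf.writestr("C:/Windows/System32/drivers/etc/hosts", "0.0.0.0 update.example")
        zf.writestr("report/notes.txt:Zone.Identifier", "")
        zf.writestr("report/CON", "x")
    return buf.getvalue()


def run_demo() -> dict:
    """Scan and extract the sample archive into a throwaway directory."""
    with tempfile.TemporaryDirectory() as workdir:
        return safe_extract(build_sample_archive(), workdir)


if __name__ == "__main__":
    outcome = run_demo()
    for entry in outcome["extracted"]:
        print("extracted", entry)
    for line in outcome["rejected"]:
        print("rejected ", line)
```

Running the script extracts only `report/summary.txt` and rejects the other five entries with their reasons. The lexical checks are what a mail gateway or attachment scanner can apply without extracting anything; the containment check in `safe_extract()` is the belt-and-braces rule a hardened extractor should enforce regardless of what the lexical checks concluded.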

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2024-02-14T22:23:54.099Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9836c4522896dcbeafea

Added to database: 5/21/2025, 9:09:10 AM

Last enriched: 6/26/2025, 6:43:45 AM

Last updated: 8/1/2025, 11:43:42 PM
