Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
CVE-2024-29988

8.8 HIGH

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
CVE Published:
9 April 2024

Badges

💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 🦅 CISA Reported | 📰 News Worthy

Summary

The first article discusses CVE-2024-29988, a security feature bypass vulnerability affecting the Microsoft SmartScreen prompt. Exploitation requires user interaction, so an attacker relies on social engineering to convince a user to launch a malicious file. Microsoft has released a security update to mitigate this vulnerability.

The second article highlights the CVE-2024-3400 vulnerability affecting Palo Alto Networks firewalls, which is being actively exploited by attackers. The vulnerability involves a command injection and can lead to compromise of internet-facing devices. The vendor has urged customers to implement temporary mitigations and check for device compromises.

Overall, both vulnerabilities pose significant risks and require immediate attention from affected users to mitigate potential exploitation and its consequences.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5696

Windows 10 Version 1809 ARM64-based Systems 10.0.0 < 10.0.17763.5696

Windows 10 Version 21H2 32-bit Systems 10.0.19043.0 < 10.0.19044.4291

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto Networks firewalls under attack, hotfixes

9 months ago

Patch Tuesday - April 2024

Stay informed with RedLegg's critical Patch Tuesday updates for April 2024, addressing vulnerabilities in Microsoft Azure, SmartScreen, Defender for IoT, and more. All this and more...

9 months ago

EPSS Score

2% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 🦅 CISA Reported
  • 💰 Used in Ransomware
  • 👾 Exploit known to exist
  • 📰 First article discovered
  • Vulnerability published
  • Vulnerability Reserved

Collectors

NVD Database | Mitre Database | CISA Database | Microsoft Feed | 1 Proof of Concept(s) | 11 News Article(s)