Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability

CVE-2024-29988

8.8HIGH

Key Information

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 9 April 2024

Badges

👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

The first article discusses the CVE-2024-29988 vulnerability, which is a security feature bypass affecting Microsoft SmartScreen Prompt. This vulnerability requires user interaction to exploit and can allow social engineering tactics to convince users to launch malicious files. Microsoft has released a security update to mitigate this vulnerability. The second article highlights the CVE-2024-3400 vulnerability affecting Palo Alto Networks firewalls, which is being actively exploited by attackers. The vulnerability involves a command injection and can lead to compromise of internet-facing devices. The vendor has urged customers to implement temporary mitigations and check for device compromises. Overall, both vulnerabilities pose significant risks and require immediate attention from affected users to mitigate potential exploitation and its consequences.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-29988 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1809 < 10.0.17763.5696

Windows Server 2019 < 10.0.17763.5696

Windows Server 2019 (Server Core installation) < 10.0.17763.5696

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-29988-exploit
Created by Sploitus

News Articles

Help Net Security

CVE-2024-3400CVE-2024-29988

Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto Networks firewalls under attack, hotfixes

5 months ago

RedLegg

CVE-2024-29990CVE-2024-29988

Patch Tuesday - April 2024

Stay informed with RedLegg's critical Patch Tuesday updates for April 2024, addressing vulnerabilities in Microsoft Azure, SmartScreen, Defender for IoT, and more. All this and more...

5 months ago

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit exists.
Jun 12, 2024
First article discovered by null
Apr 9, 2024
Vulnerability published.
Apr 9, 2024
Vulnerability Reserved.
Mar 22, 2024

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseMicrosoft Feed1 Proof of Concept(s)11 News Article(s)