CVE-2024-29988

Vulnerability updated a month ago (2024-11-29T14:13:22.645Z)

Download STIX

Preview STIX

CVE-2024-29988 is a high-severity vulnerability discovered in the Microsoft SmartScreen Prompt Security Feature. This flaw, with a CVSS score of 8.8, enables attackers to bypass Microsoft Defender SmartScreen by opening a specially crafted file. The Zero Day Initiative (ZDI) first identified this vulnerability, and although it wasn't listed as exploited during Microsoft's Patch Tuesday update, it has since been actively utilized by threat actors to deliver malware. The exploitation of CVE-2024-29988 relies heavily on social engineering tactics. This method involves tricking users into opening malicious files that have been specifically designed to exploit this vulnerability, thereby bypassing the SmartScreen security feature. Tenable's Narang noted the significance of this month's fix for the SmartScreen Prompt security feature bypass, emphasizing the need for user awareness in addition to software patches to mitigate such socially engineered attacks. Microsoft addressed CVE-2024-29988 along with another zero-day vulnerability, CVE-2024-26234, a proxy driver spoofing flaw, in their recent updates. These fixes were prioritized due to the active exploitation of these vulnerabilities by cybercriminals. It's crucial for users and organizations to apply these patches promptly to protect their systems from potential breaches and malware attacks.

Description last updated: 2024-05-01T08:15:27.428Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Microsoft

Vulnerability

Exploit

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The vulnerability CVE-2024-26234 is associated with CVE-2024-29988.	Unspecified	2

Source Document References

Information about the CVE-2024-29988 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Malwarebytes	9 months ago	Microsoft’s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities
CISA	8 months ago	CISA Adds One Known Exploited Vulnerability to Catalog \| CISA
Checkpoint	9 months ago	15th April – Threat Intelligence Report - Check Point Research
Securityaffairs	9 months ago	Microsoft fixed two zero-day flaws exploited in malware attacks
Securityaffairs	9 months ago	Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues
Securityaffairs	9 months ago	Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues - Security Affairs
InfoSecurity-magazine	9 months ago	Microsoft Patches 150 Flaws Including Two Zero-Days
DARKReading	9 months ago	Microsoft Patch Tuesday Tsunami: No Zero-Days, but an Asterisk
SANS ISC	9 months ago	April 2024 Microsoft Patch Tuesday Summary - SANS Internet Storm Center
Krebs on Security	9 months ago	April’s Patch Tuesday Brings Record Number of Fixes