CVE-2024-29988 : SmartScreen Prompt Security Feature Bypass Vulnerability

Products affected by CVE-2024-29988

Microsoft » Windows Server 2019
Versions before (<) 10.0.17763.5696
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022
Versions before (<) 10.0.20348.2402
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 21h2
Versions before (<) 10.0.22000.2899
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 22h2
Versions before (<) 10.0.22621.3447
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1809 » For X64
Versions before (<) 10.0.17763.5696
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1809 » For X86
Versions before (<) 10.0.17763.5696
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 1809 » For Arm64
Versions before (<) 10.0.17763.5696
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 21h2
Versions before (<) 10.0.19044.4291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 22h2
Versions before (<) 10.0.19045.4291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 23h2
Versions before (<) 10.0.22631.3447
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022 23h2
Versions before (<) 10.0.25398.830
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Matching versions

CVE-2024-29988 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability

CISA required action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA description:

Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file.

Notes:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988; https://nvd.nist.gov/vuln/detail/CVE-2024-29988

Added on 2024-04-30 Action due date 2024-05-21

Exploit prediction scoring system (EPSS) score for CVE-2024-29988

EPSS FAQ

37.99%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-29988

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	Microsoft Corporation	2024-04-09
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/...	N/A	N/A	MS-CVE-2024-29988	2024-04-09
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2024-29988

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Assigned by: secure@microsoft.com (Secondary)

References for CVE-2024-29988