CVE-2024-29988: SmartScreen Prompt Security Feature Bypass Vulnerability

Overview

Severity

High (CVSS 8.8)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Category

Security Feature Bypass

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2024-Apr

Released

2024-04-09

EPSS Score

62.77% (percentile: 98.4%)

CISA KEV

Listed — due 2024-05-21

FAQ

How could an attacker exploit the vulnerability? In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit the remote code execution vulnerability. In any case an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user needs to be tricked into running malicious files. How could an attacker exploit this vulnerability? To exploit this security feature bypass vulnerability, an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown.

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 2 repositories

Affected Products (20)

Windows

• Windows 10 Version 1809 for 32-bit Systems
• Windows 10 Version 1809 for x64-based Systems
• Windows 10 Version 1809 for ARM64-based Systems
• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows 11 version 21H2 for x64-based Systems
• Windows 11 version 21H2 for ARM64-based Systems
• Windows 10 Version 21H2 for 32-bit Systems
• Windows 10 Version 21H2 for ARM64-based Systems
• Windows 10 Version 21H2 for x64-based Systems
• Windows 11 Version 22H2 for ARM64-based Systems
• Windows 11 Version 22H2 for x64-based Systems
• Windows 10 Version 22H2 for x64-based Systems
• Windows 10 Version 22H2 for ARM64-based Systems
• Windows 10 Version 22H2 for 32-bit Systems
• Windows 11 Version 23H2 for ARM64-based Systems
• Windows 11 Version 23H2 for x64-based Systems
• Windows Server 2022, 23H2 Edition (Server Core installation)

Security Updates (6)

• 5036896
• 5036909
• 5036894
• 5036892
• 5036893
• 5036910

Acknowledgments

Dmitrij Lenz and Vlad Stolyarov of Google's Threat Analysis Group, <a href="https://twitter.com/thezdi">Peter Girnus (gothburz) of Trend Micro's Zero Day Initiative</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro</a>

Revision History

• 2024-04-09: Information published.