Microsoft SmartScreen Prompt Security Vulnerability - 20240501001

Overview

SmartScreen Prompt Security Feature Bypass Vulnerability

What is vulnerable?

CVE	Severity	CVSS	Product(s) Affected	Summary	Dated
CVE-2024-29988	High	8.8	Version	SmartScreen Prompt Security Feature Bypass Vulnerability	Apr 9, 2024
CVE-2023-38831	High	7.8	Version	Remote code execution	Oct 22, 2023
CVE-2024-21412	High	8.1	Version	Internet Shortcut Files Security Feature Bypass Vulnerability	Mar 7, 2024

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

Additional References

• Microsoft - SmartScreen Prompt Security Feature Bypass Vulnerability

• CVE-2024-29988

• Exploit:Win32/CVE-2023-38831 threat description - Microsoft Security Intelligence

• CVE-2023-38831 | Tenable®