Description Preview
CVE-2024-29988 is a high-severity vulnerability affecting various versions of Microsoft Windows, including Windows 10, Windows 11, and Windows Server editions. This vulnerability allows attackers to bypass the SmartScreen prompt security feature, potentially leading to unauthorized actions or access to sensitive information. The flaw is categorized under CWE-693, indicating a failure in protection mechanisms. Exploitation of this vulnerability is active, and it poses a significant risk to affected systems.
Overview
- CVE ID: CVE-2024-29988
- Severity: High (CVSS Score: 8.8)
- Affected Products:
- Windows 10 (Version 1809, 21H2, 22H2)
- Windows 11 (Versions 21H2, 22H2, 23H2)
- Windows Server (2019, 2022, 23H2)
- Vulnerability Type: Security Feature Bypass
- CWE Classification: CWE-693 (Protection Mechanism Failure)
- Exploitation Status: Active
Remediation
To mitigate the risks associated with CVE-2024-29988, users and administrators are advised to:
- Update Affected Systems: Ensure that all affected Windows versions are updated to the latest security patches provided by Microsoft. Specifically, upgrade to versions that are not vulnerable:
- For Windows 10 Version 1809, upgrade to version 10.0.17763.5696 or later.
- For Windows Server 2019, upgrade to version 10.0.17763.5696 or later.
- For Windows Server 2022, upgrade to version 10.0.20348.2402 or later.
- For Windows 11 and its various versions, ensure systems are updated to the latest available versions.
- Monitor Security Advisories: Regularly check Microsoft’s security advisory pages for updates and additional guidance on this vulnerability.
References
- Microsoft Security Advisory: SmartScreen Prompt Security Feature Bypass Vulnerability
- CISA Known Exploited Vulnerabilities Catalog: CVE-2024-29988
Early Warning
Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.
- Armis Alert Date
- Apr 9, 2024
- CISA KEV Date
- Apr 30, 2024
21days early
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Public AdministrationPublic Administration: Medium
- ManufacturingManufacturing: Medium
- Health Care & Social AssistanceHealth Care & Social Assistance: Medium
- Educational ServicesEducational Services: Medium
- Finance and InsuranceFinance and Insurance: Medium
- Transportation & WarehousingTransportation & Warehousing: Medium
- Retail TradeRetail Trade: Medium
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services: Medium
- Arts, Entertainment & RecreationArts, Entertainment & Recreation: Medium
- UtilitiesUtilities: Medium
- Other Services (except Public Administration)Other Services (except Public Administration): Low
- InformationInformation: Low
- Management of Companies & EnterprisesManagement of Companies & Enterprises: Low
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting: Low
- Accommodation & Food ServicesAccommodation & Food Services: Low
- MiningMining: Low
- Real Estate Rental & LeasingReal Estate Rental & Leasing: Low
- ConstructionConstruction: Low
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services: Low
- Wholesale TradeWholesale Trade: Low
