Detections
Analytics

CVE-2024-29988

high

Description

SmartScreen Prompt Security Feature Bypass Vulnerability

From the Tenable Blog

Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988)
Microsoft’s April 2024 Patch Tuesday Addresses 147 CVEs (CVE-2024-29988)

Published: 2024-04-09

Microsoft addresses 147 CVEs in its April 2024 Patch Tuesday release with three critical vulnerabilities and no zero-day or publicly disclosed vulnerabilities.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988

https://www.bleepingcomputer.com/news/microsoft/new-windows-smartscreen-bypass-exploited-as-zero-day-since-march/

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/

https://www.zerodayinitiative.com/blog/2025/1/8/zdi-threat-hunting-2024-highlights-trends-amp-challenges

https://www.tenable.com/blog/microsofts-april-2024-patch-tuesday-addresses-147-cves-cve-2024-29988

Details

Source: Mitre, NVD

Published: 2024-04-09

Updated: 2024-11-29

Named Vulnerability: xzNamed Vulnerability: Microsoft SmartScreen Prompt Security Feature Bypass VulnerabilityKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.62587