PT-2024-2715 · Microsoft · Windows+1

Dmitrij Lenz +3

Published: 2024-04-09 · Updated: 2026-02-06 · CVE-2024-29988

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows versions prior to April 2024 Patch Tuesday

Description

This issue is a security feature bypass vulnerability affecting the SmartScreen Prompt Security Feature in Microsoft Windows. The vulnerability allows attackers to bypass SmartScreen, potentially delivering malicious software to a target system. Exploitation requires user interaction, such as opening a specially crafted file or clicking a malicious link. Reports indicate that this vulnerability is being actively exploited in the wild, and it is related to CVE-2024-21412, which has been exploited by the Water Hydra APT group. The vulnerability impacts the security of web page shortcut prompts.

Recommendations

Apply the updates released during the April 2024 Patch Tuesday to address this vulnerability.

Exploit

Fix

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

BDU:2024-02831
CVE-2024-29988
ZDI-24-361

Affected Products

SmartScreen
Windows