Known Actively Exploited Vulnerabilities Round-up (03.05.24-09.05.24)

This article covers vulnerabilities recently found to be actively exploited. Each entry is categorised by the type of weakness exploited, its impact, and the versions affected, and includes the vendor's official fix and any remediation guidance.


CVE-2024-29988

Category: Bypass Or Failure Of Protection Mechanism


Versions Affected:

Affected Desktop Operating Systems:

  • Microsoft Windows 10 Version 22H2 for 32-bit Systems prior to release 10.0.19045.4291
  • Microsoft Windows 10 Version 22H2 for ARM64-based Systems prior to release 10.0.19045.4291
  • Microsoft Windows 10 Version 22H2 for x64-based Systems prior to release 10.0.19045.4291
  • Microsoft Windows 10 Version 21H2 for x64-based Systems prior to release 10.0.19044.4291
  • Microsoft Windows 10 Version 21H2 for ARM64-based Systems prior to release 10.0.19044.4291
  • Microsoft Windows 10 Version 21H2 for 32-bit Systems prior to release 10.0.19044.4291
  • Microsoft Windows 10 Version 1809 for ARM64-based Systems prior to release 10.0.17763.5696
  • Microsoft Windows 10 Version 1809 for x64-based Systems prior to release 10.0.17763.5696
  • Microsoft Windows 10 Version 1809 for 32-bit Systems prior to release 10.0.17763.5696
  • Microsoft Windows 11 Version 22H2 for x64-based Systems prior to release 10.0.22621.3447
  • Microsoft Windows 11 Version 22H2 for ARM64-based Systems prior to release 10.0.22621.3447
  • Microsoft Windows 11 Version 23H2 for x64-based Systems prior to release 10.0.22631.3447
  • Microsoft Windows 11 Version 23H2 for ARM64-based Systems prior to release 10.0.22631.3447
  • Microsoft Windows 11 version 21H2 for ARM64-based Systems prior to release 10.0.22000.2899
  • Microsoft Windows 11 version 21H2 for x64-based Systems prior to release 10.0.22000.2899


Affected Server Operating Systems:

  • Microsoft Windows Server 2019 (Server Core installation) prior to release 10.0.17763.5696
  • Microsoft Windows Server 2019 prior to release 10.0.17763.5696
  • Microsoft Windows Server 2022, 23H2 Edition (Server Core installation) prior to release 10.0.25398.830
  • Microsoft Windows Server 2022 (Server Core installation) prior to release 10.0.20348.2402
  • Microsoft Windows Server 2022 prior to release 10.0.20348.2402
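The build numbers above can be checked directly on a host. The following PowerShell snippet is an added example, not part of the original AppCheck advisory: it reads the running build and Update Build Revision (UBR) from the standard Windows version registry key and compares them against the fixed builds listed above for CVE-2024-29988. The fixed-build table is taken from this article; anything not in it is reported as out of scope rather than assumed safe.

```powershell
# Added example (not from the AppCheck advisory). Minimum patched builds for
# CVE-2024-29988, taken from the version list above; keyed by CurrentBuildNumber.
$fixedBuilds = @{
    '19045' = 4291   # Windows 10 22H2
    '19044' = 4291   # Windows 10 21H2
    '17763' = 5696   # Windows 10 1809 / Windows Server 2019
    '22621' = 3447   # Windows 11 22H2
    '22631' = 3447   # Windows 11 23H2
    '22000' = 2899   # Windows 11 21H2
    '25398' = 830    # Windows Server 2022, 23H2 Edition
    '20348' = 2402   # Windows Server 2022
}

# Standard Windows version key: CurrentBuildNumber is e.g. "19045",
# UBR is the revision after the dot (e.g. 4291 in 10.0.19045.4291).
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$ver   = Get-ItemProperty -Path $key
$build = [string]$ver.CurrentBuildNumber
$ubr   = [int]$ver.UBR

if (-not $fixedBuilds.ContainsKey($build)) {
    # Not in the affected list on this page: do not assume safe, check the vendor advisory.
    Write-Output "Build 10.0.$build.$ubr is not in the affected-version list for CVE-2024-29988; check the Microsoft advisory."
}
elseif ($ubr -ge $fixedBuilds[$build]) {
    Write-Output "Build 10.0.$build.$ubr is at or above fixed build 10.0.$build.$($fixedBuilds[$build]): patched for CVE-2024-29988."
}
else {
    Write-Output "Build 10.0.$build.$ubr is below fixed build 10.0.$build.$($fixedBuilds[$build]): NOT patched, install the Microsoft security update."
}
```

Run it in an elevated or standard PowerShell session on the host being assessed; the comparison is on the UBR only because the fixed builds on this page all share the major build of the release they apply to, so a host whose UBR is at or above the listed value has that release's cumulative update or a later one installed.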


Vulnerability Summary:

SmartScreen contains a user interface security vulnerability that allows an attacker to bypass the warnings it would normally display before a dangerous operation. This vulnerability is related to CVE-2024-21412, which was discovered being exploited in the wild and first addressed in February; that first patch did not completely resolve the second part of the exploit chain. An attacker could exploit this vulnerability by convincing a victim to open a malicious file, for example through social engineering such as an external link or a malicious attachment delivered over email, instant messaging, or social media.


Official Fix & Remediation Guidance:

You can help protect your system by installing the security update from Microsoft.

This update will be downloaded and installed automatically from Windows Update, and will automatically sync for customers using Windows Server Update Services (WSUS). To get the standalone package for this update, go to the Microsoft Update Catalog website.

Install the update, and refer to the advisory for any further configuration that may be required. After you install this update, you may have to restart your system.

NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.


About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations' websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
