Microsoft squashes SmartScreen security bypass bug exploited in the wild

Patch Tuesday: Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is under attack, too.
Trend Micro's Zero Day Initiative says a separate vulnerability, spotted and reported by bug hunter Peter Girnus, was under attack in the wild before Microsoft issued a patch this week.
Let's start with the bug ZDI categorizes as being under exploit in the wild.
This one is a SmartScreen prompt security feature bypass vulnerability tracked as CVE-2024-29988, and it received an 8.8 out of 10 CVSS severity rating.
Assuming an attacker can fool someone into clicking on a malicious link or opening a malware-laden file, the bug allows them to bypass the SmartScreen security feature in Windows that's supposed to alert users to any untrusted websites or other threats.
There are a whopping 12 CVEs in Experience Manager, and the patches resolve "Important" flaws that could result in arbitrary code execution and security feature bypass.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/04/10/april_patch_tuesday/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-09 | CVE-2024-29988 | Unspecified vulnerability in Microsoft products SmartScreen Prompt Security Feature Bypass Vulnerability | 0.0 |