CVE-2024-29988

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass Microsoft's SmartScreen security prompts, which normally warn users about potentially malicious files or websites. Attackers can trick users into executing malicious content without seeing the usual security warnings. This affects Windows systems with SmartScreen enabled.

💻 Affected Systems

Products:
  • Microsoft Windows
  • Microsoft Edge
  • Microsoft Defender SmartScreen
Versions: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022 (specific builds before April 2024 updates)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with SmartScreen enabled (default in Windows). Edge browser and Windows Defender SmartScreen components are vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via execution of malicious files that bypass all SmartScreen warnings, leading to ransomware deployment, data theft, or persistent backdoor installation.

🟠

Likely Case

Users inadvertently executing malware (trojans, info-stealers, ransomware) after being tricked into bypassing SmartScreen warnings via social engineering or malicious links.

🟢

If Mitigated

Limited impact with proper endpoint protection, user training, and network segmentation preventing successful exploitation even if bypass occurs.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely via web content, email attachments, or downloads without authentication.
🏢 Internal Only: MEDIUM - Requires user interaction but can be exploited via internal phishing or malicious internal websites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking links/files) but is technically simple once the bypass method is known. Microsoft indicates awareness of exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: April 2024 security updates (KB5036893 for Windows 11, KB5036892 for Windows 10, etc.)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988

Restart Required: Yes

Instructions:

1. Apply the April 2024 Windows security updates via Windows Update.
2. For enterprise: deploy the patches through WSUS, Microsoft Endpoint Configuration Manager, or an equivalent tool.
3. Restart systems after patch installation.

🔧 Temporary Workarounds

Disable SmartScreen (NOT RECOMMENDED)

Platform: Windows

Temporarily disables the SmartScreen feature, but removes an important security protection. Not recommended due to security degradation.

Enhanced security configuration

Platform: Windows

Configure Windows Defender Application Control or AppLocker to restrict untrusted executables.

🧯 If You Can't Patch

  • Implement network segmentation to limit lateral movement if exploitation occurs
  • Deploy endpoint detection and response (EDR) solutions to detect malicious file execution attempts

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for the April 2024 security updates, or identify the installed OS version with: systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Check Version:

winver

Verify Fix Applied:

Verify KB5036893 (Windows 11) or KB5036892 (Windows 10) is installed via: wmic qfe list | findstr "5036893 5036892"
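The same check in PowerShell, as an added example that is not part of the advisory page: it reports the OS family and build, looks for the KB named above for that family, and records the last boot time because the fix needs a restart. The KB numbers are taken from this page; the Win32_QuickFixEngineering (Get-HotFix) and UBR registry lookups are standard Windows interfaces.

```powershell
# Added example (not from the advisory page): check whether the April 2024
# update named on this page is present on the local host.
# KB numbers come from the page. Later cumulative updates supersede these KBs
# and can drop them from the Get-HotFix list, so "Patched = False" on an
# otherwise current host means "compare Build/UBR against the vendor advisory",
# not "confirmed vulnerable".
$RequiredKBs = @{
    'Windows 11' = 'KB5036893'
    'Windows 10' = 'KB5036892'
}

$os        = Get-CimInstance -ClassName Win32_OperatingSystem
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

# Update Build Revision (UBR) identifies the exact cumulative update level.
$ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR

# Map the OS caption (e.g. "Microsoft Windows 11 Pro") to a KB on the page.
# Server 2019/2022 are also listed as affected but have no KB on the page,
# so they fall through to the advisory reference.
$family = if     ($os.Caption -match 'Windows 11') { 'Windows 11' }
          elseif ($os.Caption -match 'Windows 10') { 'Windows 10' }
          else   { $null }

[PSCustomObject]@{
    ComputerName = $env:COMPUTERNAME
    OSCaption    = $os.Caption
    Build        = "$($os.BuildNumber).$ubr"
    RequiredKB   = if ($family) { $RequiredKBs[$family] } else { 'see vendor advisory' }
    Patched      = if ($family) { $installed -contains $RequiredKBs[$family] } else { $null }
    LastBoot     = $os.LastBootUpTime   # fix is not active until after a restart
}
```

Run it under an elevated prompt; wrap the body in Invoke-Command -ComputerName to collect the same object from a fleet.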

📡 Detection & Monitoring

Log Indicators:

  • Windows Defender/SmartScreen logs showing bypass events
  • Event ID 1125, 1126 in Windows Defender operational logs
  • Unexpected process execution from untrusted locations

Network Indicators:

  • Downloads from suspicious domains followed by immediate execution
  • Unusual outbound connections after file execution

SIEM Query:

Process creation where parent process is explorer.exe and command line contains suspicious parameters or URLs
