CISA Catalogs Microsoft’s CVE-2024-29988 as Actively Exploited Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a recently patched Microsoft vulnerability (CVE-2024-29988) to its Known Exploited Vulnerabilities (KEV) catalog. This signals that threat actors are actively exploiting the vulnerability in the wild.
New Exploit Chain Emerges
The vulnerability in Microsoft’s SmartScreen security feature is particularly dangerous because it’s being combined with other known vulnerabilities to create a potent attack chain. This includes a flaw in the popular WinRAR archiver (CVE-2023-38831) as well as a newly discovered zero-day vulnerability (CVE-2024-21412) affecting how Windows processes internet shortcut files.
How the Attack Works
The attack begins by tricking a user into opening a specially crafted file. This file could be delivered in a phishing email or downloaded from a compromised website. Once opened, attackers leverage weaknesses in WinRAR to execute malicious code on the target system. From there, the CVE-2024-29988 SmartScreen vulnerability allows the malicious code to bypass Windows security warnings designed to protect users from untrusted files.
Patch Released, But Attacks Ongoing
Although Microsoft released a patch for the SmartScreen vulnerability in April, security experts are concerned that many organizations haven’t yet applied it. This leaves them open to attack and is the likely reason CISA took the unusual step of adding it to the KEV catalog.
CISA Issues Urgent Warning
CISA’s warning is particularly aimed at federal agencies, which are being given a deadline of May 21, 2024, to apply necessary patches. However, all organizations running Windows systems are advised to patch immediately as the risks posed by these exploits are severe.
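One way to act on a KEV listing is to match unpatched scanner findings against the catalog and rank them by the remediation due date. The sketch below is an added example, not code from CISA or Microsoft; the catalog excerpt follows the field names of CISA's KEV JSON feed but is constructed here (only the CVE ID and the May 21, 2024 due date come from this article), and the host names, findings and the kev_triage helper are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt using the KEV JSON feed's field names.
# Only the CVE ID and due date are taken from the article.
KEV_EXCERPT = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2024-29988", "vendorProject": "Microsoft",
   "product": "SmartScreen", "dueDate": "2024-05-21"}
]}
""")

# Constructed scanner output: host -> CVEs still unpatched on it.
# CVE-0000-00001 is a placeholder for a finding that is not in the catalog.
OPEN_FINDINGS = {
    "ws-finance-01": ["CVE-2024-29988", "CVE-0000-00001"],
    "ws-lab-07": ["CVE-0000-00001"],
    "srv-files-02": ["cve-2024-29988"],  # scanners differ in letter case
}

def kev_triage(findings, catalog, today):
    """Return KEV-listed findings per host, most urgent first."""
    due = {v["cveID"].upper(): date.fromisoformat(v["dueDate"])
           for v in catalog["vulnerabilities"]}
    rows = []
    for host, cves in findings.items():
        for cve in (c.upper() for c in cves):
            if cve not in due:
                continue  # not in this catalog: handled under the normal patch cycle
            days_left = (due[cve] - today).days
            rows.append({
                "host": host,
                "cve": cve,
                "due": due[cve].isoformat(),
                "days_left": days_left,
                # The due date itself still counts as on time.
                "status": "OVERDUE" if days_left < 0 else "DUE",
            })
    # Fewest days remaining first; host name breaks ties for stable output.
    rows.sort(key=lambda r: (r["days_left"], r["host"]))
    return rows

if __name__ == "__main__":
    for r in kev_triage(OPEN_FINDINGS, KEV_EXCERPT, date(2024, 5, 10)):
        print(f'{r["status"]:8} {r["host"]:15} {r["cve"]} '
              f'due {r["due"]} ({r["days_left"]} days)')
```

In practice the catalog would be loaded from a locally saved copy of the KEV feed and the findings from the vulnerability scanner's export.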
What You Can Do to Protect Yourself
- Update Windows Systems: Ensure your operating system and all software are patched with the most recent security updates.
- Be Wary of Unexpected Files: Exercise extreme caution with email attachments or files from unknown sources. Don’t open them unless you can verify their legitimacy.
- Use a Reputable Antivirus/Security Suite: A good security solution can provide an extra layer of protection.