Microsoft SmartScreen updated with newly identified Exploits (#696)

* Cisco Expressway Advisory * Format markdown files * Update 20240208003-Cisco-Expressway-Series-Cross_Site-Request-Forgery.md changing of links * Format markdown files * Adobe Releases Security Updates * Format markdown files * Adobe Releases Security Updates * Format markdown files * Bricks WordPress Advisory * Format markdown files * Bricks WordPress * Zyxel security advisory * Format markdown files * Linux Kernel Code Execution Vulnerability * Format markdown files * released a security advisory * Format markdown files * Update and rename 20240308004-Android-security-advisory.md to 20240308004-Android-security-advisory.md Changed from 007 to 008 * Android security advisory 20240308004 * Format markdown files * Fortinet Critical SQLi Vulnerability in FortiClientEMS * Format markdown files * Update 20240318003-Fortinet-Critical-SQLi-Vulnerability-in-FortiClientEMS-Software.md Minor grammar fix and observability * Format markdown files * Firefox Patches Critical Zero-Day Vulnerabilities * Format markdown files * Firefox Patches Critical Zero-Day Vulnerabilities - 20240327003 * Format markdown files * Update 20240327003-Firefox-Patches-Critical-Zero-Day-Vulnerabilities.md add cvss column and minor fix to table * Delete docs/advisories/20240326002-Firefox-Patches-Critical-Zero-Day-Vulnerabilities.md no longer needed * Format markdown files * Supply Chain Compromise Affecting XZ Utils Data Compression Library - 20240402002 * Format markdown files * Cisco Vulnerability in Small Business Routers * Format markdown files * Updated overview to include all Router series. * Bitdefender Advisory * Format markdown files * TP-Link Archer Routers Advisory * Format markdown docs * Update 20240418003-Botnets-Swarm-Exploited-in-TP-Link-Archer-Routers.md Fixing table * HashiCorp security advisory * Format markdown docs * Progress Software Telerik Reporting Vulnerability * Format markdown docs * WordPress Automatic plugin critical vulnerability * Format markdown docs * R Programming Language Vulnerability * Format markdown docs * Microsoft SmartScreen updated * Format markdown docs --------- Co-authored-by: GitHub Actions <[email protected]> Co-authored-by: Joshua Hitchen (DGov) <[email protected]> Co-authored-by: CharlesRN <[email protected]>
wagov · May 3, 2024 · a2686e0 · a2686e0
1 parent 8c60761
commit a2686e0
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/docs/advisories/20240501001-Microsoft-SmartScreen-Prompt-Vulnerability.md b/docs/advisories/20240501001-Microsoft-SmartScreen-Prompt-Vulnerability.md
@@ -6,9 +6,11 @@ SmartScreen Prompt Security Feature Bypass Vulnerability
 
 ## What is vulnerable?
 
-| CVE                                                               | Severity      | CVSS | Product(s) Affected                                                                 | Summary                                                  | Dated       |
-| ----------------------------------------------------------------- | ------------- | ---- | ----------------------------------------------------------------------------------- | -------------------------------------------------------- | ----------- |
-| [CVE-2024-29988](https://nvd.nist.gov/vuln/detail/CVE-2024-29988) | **Important** | 8.8  | **[Version](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988)** | SmartScreen Prompt Security Feature Bypass Vulnerability | Apr 9, 2024 |
+| CVE                                                               | Severity | CVSS | Product(s) Affected                                                                                                            | Summary                                                       | Dated        |
+| ----------------------------------------------------------------- | -------- | ---- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------- | ------------ |
+| [CVE-2024-29988](https://nvd.nist.gov/vuln/detail/CVE-2024-29988) | **High** | 8.8  | **[Version](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988)**                                            | SmartScreen Prompt Security Feature Bypass Vulnerability      | Apr 9, 2024  |
+| [CVE-2023-38831](https://nvd.nist.gov/vuln/detail/CVE-2023-38831) | **High** | 7.8  | **[Version](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Win32/CVE-2023-38831)** | Remote code execution                                         | Oct 22, 2023 |
+| [CVE-2024-21412](https://nvd.nist.gov/vuln/detail/CVE-2024-21412) | **High** | 8.1  | **[Version](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21412)**                                      | Internet Shortcut Files Security Feature Bypass Vulnerability | Mar 7, 2024  |
 
 ## What has been observed?
 
@@ -23,3 +25,7 @@ The WA SOC recommends administrators apply the solutions as per vendor instructi
 - [Microsoft - SmartScreen Prompt Security Feature Bypass Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988)
 
 - [CVE-2024-29988](https://www.cve.org/CVERecord?id=CVE-2024-29988)
+
+- [Exploit:Win32/CVE-2023-38831 threat description - Microsoft Security Intelligence](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Win32/CVE-2023-38831)
+
+- [CVE-2023-38831 | Tenable®](https://www.tenable.com/cve/CVE-2023-38831)