CVE-2022-44698

Windows SmartScreen Security Feature Bypass Vulnerability

CVSS 5.4 MEDIUMEPSS 76.1%● KEV

In short

Windows SmartScreen, a security feature that warns users about potentially dangerous files and websites, can be bypassed. An attacker could craft specially formatted files or links that SmartScreen fails to detect, allowing malicious content to reach users without warning.

Technical detail

A logic flaw in Windows SmartScreen's validation mechanism allows attackers to bypass reputation checks through crafted file formats or URI constructions. The vulnerability requires user interaction to open/execute the bypass payload, but successfully circumvents the security prompt mechanism intended to protect against known malicious content.

Summary generated and translated by AI from the official description.

Windows SmartScreen Security Feature Bypass Vulnerability

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C

Affected products

Microsoft · Windows 10 Version 1607 Microsoft · Windows 10 Version 1809 Microsoft · Windows 10 Version 20H2 Microsoft · Windows 10 Version 21H1 Microsoft · Windows 10 Version 21H2 Microsoft · Windows 10 Version 22H2 Microsoft · Windows 11 version 21H2 Microsoft · Windows Server 2016 Microsoft · Windows Server 2019 Microsoft · Windows Server 2022

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-44698