{"id":55802,"date":"2024-04-10T00:15:14","date_gmt":"2024-04-10T00:15:14","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/"},"modified":"2024-04-10T00:15:14","modified_gmt":"2024-04-10T00:15:14","slug":"microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/","title":{"rendered":"Microsoft squashes SmartScreen security bypass bug exploited in the wild"},"content":{"rendered":"<p><span class=\"label\">Patch Tuesday<\/span> Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we&#8217;ve been told another hole is under attack, too.<\/p>\n<p>The bug the IT giant said was being abused in the wild is <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-26234\">CVE-2024-26234<\/a>, described as a proxy driver spoofing vulnerability in Windows. This was reported to Redmond by Christopher Budd of Sophos and is rated 6.7 out of 10 on the CVSS severity scale. Microsoft initially listed it as non-exploited then during the day upgraded that to exploited.<\/p>\n<p>Sophos has published <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/news.sophos.com\/en-us\/2024\/04\/09\/smoke-and-screen-mirrors-a-strange-signed-backdoor\/\">a write-up here<\/a> about the issue, which expands upon <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/stairwell.com\/resources\/signed-sealed-but-not-always-secure-rethinking-trust-in-digitally-signed-certificates\/\">research<\/a> emitted by infosec outfit Stairwell in January.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>In brief, it appears an innocent-looking executable digitally signed by a vendor&#8217;s valid Microsoft Hardware Publisher Certificate actually contained a backdoor that uses an embedded proxy server to monitor and intercept network traffic on an infected Windows machine.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>It appears someone was able to take that program, sign it using the publisher cert so that the operating system trusted it, then bundle it with marketing\/spam software designed to remote-control phones to make them act like online bots, collectively liking posts, following people on social media, and posting comments. Running the program would introduce the backdoor on the victim&#8217;s PC. Now, according to Sophos, Microsoft has revoked the software&#8217;s certification and assigned the issue CVE-2024-26234.<\/p>\n<h3 class=\"crosshead\">Wait, there&#8217;s more<\/h3>\n<p>According to Redmond, that was the only security hole exploited in the wild addressed in its Patch Tuesday for April. But we&#8217;re told that isn&#8217;t quite right.<\/p>\n<p>Trend Micro&#8217;s Zero Day Initiative says a separate vulnerability, spotted and reported by bug hunter Peter Girrus, was <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2024\/4\/9\/the-april-2024-security-updates-review\">under attack<\/a> in the wild before Microsoft issued a patch this week. &#8220;We have evidence this is being exploited in the wild, and I&#8217;m listing it as such,&#8221; ZDI&#8217;s Dustin Childs declared.<\/p>\n<p>Let&#8217;s start with the bug ZDI categorizes as being under exploit in the wild.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>This one is a SmartScreen prompt security feature bypass vulnerability tracked as <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29988\">CVE-2024-29988<\/a>, and it received an 8.8 out of 10 CVSS severity rating. While Microsoft says the flaw hasn&#8217;t been exploited or publicly disclosed, it does list it as &#8220;exploitation more likely.&#8221;<\/p>\n<p>Pulling off this bypass requires tricking someone into running malicious files \u2014 for example by sending a phishing email or a text message that includes a link to an attacker-controlled website, or a malicious attachment. &#8220;In any case an attacker would have no way to force a user to view attacker-controlled content,&#8221; Redmond contends.<\/p>\n<p>But, assuming an attacker can fool someone into clicking on a malicious link or opening a malware-laden file, the bug allows them to bypass the SmartScreen security feature in Windows that&#8217;s supposed to alert users to any untrusted websites or other threats.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;Threat actors are sending exploits in a zipped file to evade EDR\/NDR detection and then using this bug (and others) to bypass Mark of the Web (MotW),&#8221; Childs explained.<\/p>\n<p>This one deserves priority patching.<\/p>\n<h3 class=\"crosshead\">70 RCEs overall, only three deemed critical<\/h3>\n<p>While Microsoft&#8217;s monthly patch party fixes 70 CVEs that allow remote code execution (RCE), it only classified three of these as critical-severity bugs and all three are in Microsoft Defender for IoT.<\/p>\n<p>First up: <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-21322\">CVE-2024-21322<\/a>, which received a 7.2 CVSS rating. &#8220;Successful exploitation of this vulnerability requires the attacker to be an administrator of the web application,&#8221; Redmond warns. &#8220;As is best practice, regular validation and audits of administrative groups should be conducted.&#8221;<\/p>\n<p>There&#8217;s also <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-21323\">CVE-2024-21323<\/a>, an 8.8-rated flaw that we&#8217;re told could be exploited by sending a .tar file to a Defender for IoT sensor. &#8220;After the extraction process completed, the attacker could then send unsigned update packages and overwrite any file they chose,&#8221; Microsoft said.<\/p>\n<p>And the third RCE, again in Defender for IoT and also receiving an 8.8 CVSS rating, is <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-29053\">CVE-2024-29053<\/a>. This one can be triggered by any authenticated attacker \u2014 it doesn&#8217;t require any elevated privileges \u2014 with access to the file upload feature.<\/p>\n<h3 class=\"crosshead\">Adobe fills 24 holes<\/h3>\n<p>Adobe this month issued nine patches that fix 24 CVEs across its products, and none are listed as under attack or publicly known.<\/p>\n<p>One of the fixes is deemed &#8220;important&#8221; in the following products: <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/after_effects\/apsb24-09.html\">After Effects<\/a>, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/photoshop\/apsb24-16.html\">Photoshop<\/a>, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/indesign\/apsb24-20.html\">InDesign<\/a>, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/bridge\/apsb24-24.html\">Bridge<\/a> and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/illustrator\/apsb24-25.html\">Illustrator<\/a>.<\/p>\n<p>All are at risk of memory leakage.<\/p>\n<p>Two critical vulnerabilities, one in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/magento\/apsb24-18.html\">Adobe Commerce<\/a> and another present in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/media-encoder\/apsb24-23.html\">Media Encoder<\/a> could allow remote code execution.<\/p>\n<p>There&#8217;s a whopping 12 CVEs in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/experience-manager\/apsb24-21.html\">Experience Manager<\/a>, and the patches resolve &#8220;important&#8221; flaws that could result in arbitrary code execution and security feature bypass.<\/p>\n<p>And finally four critical and important CVEs in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/animate\/apsb24-26.html\">Animate<\/a> could lead to code execution, application denial-of-service, and memory leaking.<\/p>\n<h3 class=\"crosshead\">SAP sails into Patch Tuesday<\/h3>\n<p>SAP <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/support.sap.com\/en\/my-support\/knowledge-base\/security-notes-news\/february-2024.html\">released<\/a> a dozen new and updated security notes. Three of the notes are high priority for users.<\/p>\n<p>Of the trio, #3434839 patches a so-called security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine (UME) that received an 8.8 CVSS score.<\/p>\n<p>&#8220;The &#8216;Self-Registration&#8217; and &#8216;Modify your own profile&#8217; features of the UME do not consider existing password requirements and therefore, allow using simple passwords that can be easily cracked,&#8221; <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/onapsis.com\/blog\/sap-patch-day-april-2024\/\">explained<\/a> Thomas Fritsch, SAP security researcher at Onapsis. These features are optional and disabled by default.<\/p>\n<p>&#8220;The title of the assigned vulnerability seems to be a little bit misleading since the vulnerability is not caused by a configuration issue but by a missing check in the program logic,&#8221; he continued.<\/p>\n<p>&#8220;Onapsis recommends implementing the note independently of whether one or both features are enabled or not. This ensures security once you decide to enable one of the features.&#8221;<\/p>\n<p>Another high priority note, #3421384, fixes an information disclosure vulnerability in SAP BusinessObjects Web Intelligence, while the third high priority one, #3438234, addresses a directory traversal vulnerability in two programs of SAP Asset Accounting.<\/p>\n<h3 class=\"crosshead\">Fortinet fortifies its follies<\/h3>\n<p>Fortinet released updates to fix security holes in FortiOS and FortiProxy.<\/p>\n<p>This includes an insufficiently protected credentials bug tracked as <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-23-493\">CVE-2023-41677<\/a> in FortiOS and FortiProxy. It received a 7.5 CVSS rating and &#8220;may allow an attacker to obtain the administrator cookie in rare and specific conditions, via tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN,&#8221; the vendor warned.<\/p>\n<p><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-23-413\">CVE-2023-48784<\/a>, in the FortiOS command line interface could allow a local attacker with admittedly super-admin privileges and CLI access to execute arbitrary code.<\/p>\n<p>Plus, there&#8217;s a patch for <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-23-224\">CVE-2024-23662<\/a> in FortiOS that, if the bug is exploited, can lead to information disclosure.<\/p>\n<h3 class=\"crosshead\">VMware, Cisco join in the fun<\/h3>\n<p>VMware, earlier this month, <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2024-0008.html\" rel=\"nofollow\">disclosed three CVEs<\/a> in its SD-WAN Edge and SD-WAN Orchestrator products. The most serious of the bunch is an unauthenticated command injection vulnerability in SD-WAN Edge tracked as CVE-2024-22246. It can be abused for remote code execution, and received a CVSS rating of 7.4.<\/p>\n<p>Also during the first week of April Cisco <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/publicationListing.x\">issued<\/a> a bunch of new and updated advisories addressing 12 medium-severity flaws and two high-severity ones.<\/p>\n<p>One of the two, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ndfc-dir-trav-SSn3AYDw\">CVE-2024-20348<\/a>, is a new flaw in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC). If exploited, it could allow an unauthenticated, remote attacker to read arbitrary files.<\/p>\n<h3 class=\"crosshead\">Google gone wild<\/h3>\n<p>Rounding out April&#8217;s Patchapalooza, albeit over a week early, Google has addressed almost 30 bugs affecting Android devices in this month&#8217;s <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2024-04-01\">Android Security Bulletin<\/a>.<\/p>\n<p>&#8220;The most severe of these issues is a high security vulnerability in the System component that could lead to local escalation of privilege with no additional execution privileges needed,&#8221; Google warned. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/04\/10\/april_patch_tuesday\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plus: Adobe, SAP, Fortinet, VMware, Cisco issue pressing updates Patch Tuesday\u00a0 Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we&#8217;ve been told another hole is under attack, too.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-55802","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft squashes SmartScreen security bypass bug exploited in the wild 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft squashes SmartScreen security bypass bug exploited in the wild 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-10T00:15:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft squashes SmartScreen security bypass bug exploited in the wild\",\"datePublished\":\"2024-04-10T00:15:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/\"},\"wordCount\":1268,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/\",\"name\":\"Microsoft squashes SmartScreen security bypass bug exploited in the wild 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-04-10T00:15:14+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft squashes SmartScreen security bypass bug exploited in the wild\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft squashes SmartScreen security bypass bug exploited in the wild 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft squashes SmartScreen security bypass bug exploited in the wild 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-04-10T00:15:14+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft squashes SmartScreen security bypass bug exploited in the wild","datePublished":"2024-04-10T00:15:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/"},"wordCount":1268,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/","name":"Microsoft squashes SmartScreen security bypass bug exploited in the wild 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-04-10T00:15:14+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZhX36eZaZQfG8HQorJQL1wAAAFE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-squashes-smartscreen-security-bypass-bug-exploited-in-the-wild\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft squashes SmartScreen security bypass bug exploited in the wild"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55802","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55802"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55802\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55802"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55802"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55802"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}