Intrusion PreventionMS.Windows.SmartScreen.Authenticode.Security.Feature.Bypass
Description
This indicates an attack attempt to exploit a Security Feature Bypass Vulnerability in Microsoft Windows Server.
This vulnerability is due to improper handling of Authenticode signatures. A remote attacker could exploit this vulnerability by enticing a target user to open a crafted executable or visit a malicious link. Successful exploitation could result in the bypass of SmartScreen security warnings.
Affected Products
Microsoft Windows 10
Microsoft Windows 10 Version 1607
Microsoft Windows 10 Version 1809
Microsoft Windows 10 version 20H2
Microsoft Windows 10 version 21H1
Microsoft Windows 10 Version 21H2
Microsoft Windows 10 Version 22H2
Microsoft Windows 11 Version 21H2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-44698
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-05-23 | 23.560 | Sig Added |
| 2023-05-02 | 23.544 | Default_action:pass:drop |
| 2023-04-19 | 23.537 |
| ID | 52824 |
| Created | Apr 11, 2023 |
| Updated | May 23, 2023 |
| Risk |
|
| CVE ID | CVE-2022-44698 |
| Known Exploited | Yes |
| Exploit Prediction Score | 2.3% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |