Microsoft has issued fixes for a total of five zero-day vulnerabilities on the penultimate Patch Tuesday of 2023, three of them known to have already been exploited in the wild.
The three exploited zero-days are tracked as CVE-2023-36025, a security feature bypass in Windows SmartScreen; CVE-2023-36033, an elevation of privilege (EoP) vulnerability in Windows DWM Core Library; and CVE-2023-36036, an EoP vulnerability in Windows Cloud Files Mini Filter Driver.
"CVE-2023-36025 describes a Windows SmartScreen security feature bypass. An attacker who convinces a user to open a specially crafted malicious internet Shortcut file could bypass the anti-phishing and anti-malware protection provided by Windows SmartScreen."
[
add
]
[
|
|
...
]