First of that trio is CVE-2023-36033: a Windows Desktop Manager (WDM) Core Library elevation-of-privilege vulnerability. This one, an "important" 7.8-of-10-CVSS-rated bug, is not only listed as exploited by miscreants, the method of exploitation also been publicly disclosed.
He warns that both of these flaws are probably paired with a code execution bug in the attacks that Microsoft has observed. That is to say, a miscreant would typically find a way to gain arbitrary user-level execution on a target's machine and then use one of the above holes to gain sysadmin-level control.
The third vulnerability that was exploited before Microsoft could push a patch out, CVE-2023-36025, allows miscreants to bypass security features in Windows Defender SmartScreen - Redmond's anti-phishing and anti-malware feature.
[
add
]
[
|
|
...
]