Home Malware Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities | Cybersecurity

Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities | Cybersecurity

Malware

Windows.jpg

Nov 15, 2023. NewsroomPatch Tuesday / Zero-Day.

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild.

Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release.

The updates are in addition to more than 35 security shortcomings addressed in its Chromium-based Edge browser since the release of Patch Tuesday updates for October 2023.

The five zero-days that are of note are as follows –

  • CVE-2023-36025 (CVSS score: 8.8) – Windows SmartScreen Security Feature Bypass Vulnerability
  • CVE-2023-36033 (CVSS score: 7.8) – Windows DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2023-36036 (CVSS score: 7.8) – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  • CVE-2023-36038 (CVSS score: 8.2) – ASP.NET Core Denial of Service Vulnerability
  • CVE-2023-36413 (CVSS score: 6.5) – Microsoft Office Security Feature Bypass Vulnerability

Both CVE-2023-36033 and CVE-2023-36036 could be exploited by an attacker to gain SYSTEM privileges, while CVE-2023-36025 could make it possible to bypass Windows Defender SmartScreen checks and their associated prompts.

“The user would have to click on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file to be compromised by the attacker,” Microsoft said about CVE-2023-36025.

The Windows maker, however, has not provided any further guidance on the attack mechanisms employed and the threat actors that may be weaponizing them. But the active exploitation of the privilege escalation flaws suggests that they are likely used in conjunction with a remote code execution bug.

“There have been 12 elevation of privilege vulnerabilities in the DWM Core Library over the last two years, though this is the first to have been…

read more thehackernews.com

FTC: We use income earning affiliate links. More on Sposored links.
Terms of use and third-party services. More here.

“The adventure of life is to learn. The purpose of life is to grow. The nature of life is to change. The challenge of life is to overcome. The essence of life is to care. The opportunity of like is to serve. The secret of life is to dare. The spice of life is to befriend. The beauty of life is to give.” —William Arthur Ward

Related Posts

00ixaidywf70eisepars9v0 1.fit Lim.size 1200x630.v1701262622.jpg
Malware

Use Google Chrome? Update Your Browser Immediately | Tech Video

1701192961657.jpeg
Malware

Ransomware gangs and Living Off the Land (LOTL) attacks: A deep dive | Malware

Header 2.png
Malware

ownCloud vulnerability can be used to extract admin passwords | Malware

Weinar.jpg
Malware

Transform Your Data Security Posture – Learn from SoFi’s DSPM Success | Cybersecurity

Password.jpg
Malware

How Hackers Phish for Your Users’ Credentials and Sell Them | Cybersecurity

Macos Malware.jpg
Malware

N. Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection | Cybersecurity