top of page
  • Clipeus

November "Patch Tuesday"

On patch Tuesday (14 November), Windows released a comprehensive update fixing 63 vulnerabilities, including three high severity issues reportedly under active exploitation in the wild. These have been also added to the CISA Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities include two local privilege escalation (LPE) bugs impacting the core library of the Desktop Window Manager (CVE-2023-36033) and Cloud Files Mini Filter Driver (CVE-2023-26036) respectively; these are likely to be exploited in the wild chained with remote code execution vulnerabilities for initial intrusion. The third vulnerability is potentially the most concerning as it regards a SmartScreen Security Feature Bypass (CVE-2023-36025); similar flaws have been historically exploited by Russian threat actors and Magniber ransomware group.

Kommentarer


Kommentarer er slået fra.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page