Vulnerabilities > CVE-2023-36025 - Unspecified vulnerability in Microsoft products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

NVD

Published: 2023-11-14

Updated: 2023-11-21

Summary

Windows SmartScreen Security Feature Bypass Vulnerability

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 - Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 - Microsoft Windows Server 2016 - Microsoft Windows Server 2019 - Microsoft Windows Server 2022 - Microsoft Windows 11 22H2 - Microsoft Windows 10 1607 - Microsoft Windows 10 1809 - Microsoft Windows 10 21H2 - Microsoft Windows 10 22H2 - Microsoft Windows 11 21H2 - Microsoft Windows 10 1507 - Microsoft Windows 11 23H2 -	26

Related news

This is why we update... Data-thief malware exploits unpatched Windows PCs (source)
Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs (source)
Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025) (source)
Windows SmartScreen flaw exploited to drop Phemedrone malware (source)
Hackers used new Windows Defender zero-day to drop DarkMe malware (source)
Microsoft fixes two Windows zero-days exploited in malware attacks (source)

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36025

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.