On Patch Tuesday (14 November), Windows released a comprehensive update fixing 63 vulnerabilities, including three high-severity issues reportedly under active exploitation in the wild. These have also been added to the CISA Known Exploited Vulnerabilities (KEV) Catalog. Two of them are local privilege escalation (LPE) bugs, impacting the core library of the Desktop Window Manager (CVE-2023-36033) and the Cloud Files Mini Filter Driver (CVE-2023-26036) respectively; these are likely to be exploited in the wild chained with remote code execution vulnerabilities for initial intrusion. The third vulnerability is potentially the most concerning, as it is a SmartScreen Security Feature Bypass (CVE-2023-36025); similar flaws have historically been exploited by Russian threat actors and the Magniber ransomware group.
Clipeus