Windows SmartScreen Security Feature Bypass Vulnerability
Key Information
- Vendor: Microsoft
- Status (affected products):
  - Windows 10 Version 1809
  - Windows Server 2019
  - Windows Server 2019 (Server Core installation)
  - Windows Server 2022
- CVE Published: 14 November 2023
Summary
CVE-2023-36025 is a critical vulnerability in the Windows SmartScreen security feature that allows attackers to bypass Windows Defender SmartScreen checks without triggering alerts. The flaw is exploited by getting a user to click on a maliciously crafted Internet shortcut (.url) file or a link pointing to such a file. Successful exploitation can enable phishing attacks, malware distribution, and other cybersecurity threats. Exploitation by the APT group TA544 has been observed, and a financially motivated group has been reported abusing the flaw to distribute the Ursnif banking Trojan. This is the third zero-day bug in SmartScreen that Microsoft has disclosed this year, which indicates the significance and potential widespread impact of the issue. Exploitation of this vulnerability poses a significant threat because it can lead to users' systems being hijacked and compromised, potentially resulting in data breaches and further spread of malware. It is crucial for organizations to address this vulnerability promptly to mitigate these risks.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-36025 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1809 < 10.0.17763.5122
Windows Server 2019 < 10.0.17763.5122
Windows Server 2019 (Server Core installation) < 10.0.17763.5122
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Exploit for Critical Windows Defender Bypass Goes Public
Hackers Exploiting Windows Defender SmartScreen Flaw to Hijack Computers
Hackers actively target and exploit Windows Defender SmartScreen to deceive users and deliver malicious content by creating convincing, misleading websites or applications.
Phemedrone Stealer Targets Windows Defender Flaw Despite Patch
The malware targets browsers, steals crypto wallet and messaging app data, and collects system information
CVSS V3.1
Timeline
Exploit exists.
Vulnerability started trending.
First article discovered by Dark Reading
Vulnerability published.
Vulnerability Reserved.