Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36025
Key Information:
- Vendor: Microsoft
- Status: Vendor
- CVE Published: 14 November 2023
What is CVE-2023-36025?
CVE-2023-36025 is a significant vulnerability identified in Windows SmartScreen, a security feature developed by Microsoft intended to protect users from malicious websites and downloads. This vulnerability allows attackers to bypass the SmartScreen filter, potentially exposing users to harmful software and attacks. Given the prevalence of Windows operating systems in organizational environments, this flaw could have serious implications, enabling threat actors to compromise systems and extract sensitive information.
Technical Details
The vulnerability facilitates a bypass of the Windows SmartScreen security feature, which generally serves as a vital defense layer against phishing attempts and other web-based threats. Although specific technical mechanisms behind the vulnerability can vary, the exploit undermines the core functionality of SmartScreen, allowing for the execution of malicious actions that would typically be blocked.
Potential Impact of CVE-2023-36025
- Malware Infection: By bypassing SmartScreen protections, attackers can introduce malware into organizational networks, leading to potential data loss or system corruption.
- Data Breaches: The ability to bypass security measures means that sensitive organizational data can be targeted and exfiltrated by attackers, resulting in significant data privacy concerns and regulatory compliance issues.
- Increased Ransomware Threat: With the exposure of Windows systems to unfiltered threats, the likelihood of ransomware attacks increases, potentially crippling organizational operations and demanding costly ransoms for data recovery.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20308
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.6452
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5122
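As an added example that is not part of this advisory, the following Python parses the affected ranges listed above and checks whether a given Windows build falls inside one of them; the function names and the sample builds are my own.

```python
# Added example (not from the advisory): test a Windows build number against the
# affected ranges above. Builds are compared field by field as integers, never as
# strings, because a string comparison would put "10.0.10240.9999" after
# "10.0.10240.20308" and report an unpatched host as fixed.
import re

# Affected ranges copied verbatim from the advisory's Affected Version(s) list.
AFFECTED_VERSIONS_TEXT = """\
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20308
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.6452
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5122
"""

# "<product> <lowest affected build> < <first fixed build>"
_RANGE_RE = re.compile(r"^(?P<product>.+?) (?P<lo>\d+(?:\.\d+)*) < (?P<hi>\d+(?:\.\d+)*)$")


def parse_build(version):
    """'10.0.17763.5122' -> (10, 0, 17763, 5122); tuples of ints compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def parse_affected_ranges(text):
    """Return [(product, low_inclusive, high_exclusive), ...] from the advisory lines."""
    ranges = []
    for line in text.splitlines():
        m = _RANGE_RE.match(line.strip())
        if m:
            ranges.append((m["product"], parse_build(m["lo"]), parse_build(m["hi"])))
    return ranges


def affected_product(build, ranges=None):
    """Return the product whose affected range contains `build`, or None when the
    build is at or past the fixed build (or belongs to no listed range)."""
    ranges = parse_affected_ranges(AFFECTED_VERSIONS_TEXT) if ranges is None else ranges
    b = parse_build(build)
    for product, lo, hi in ranges:
        if lo <= b < hi:
            return product
    return None


if __name__ == "__main__":
    # Constructed sample builds: an unpatched 1809 host, the fixed 1809 build,
    # and a build from a version not listed above.
    for sample in ("10.0.17763.5000", "10.0.17763.5122", "10.0.19045.3693"):
        hit = affected_product(sample)
        print(sample, "->", hit or "not in a listed affected range")
```

A build that is not in any listed range is reported as None, which only means it is not covered by the three lines above, not that it is patched.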
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Exploit for Critical Windows Defender Bypass Goes Public
Hackers Exploiting Windows Defender SmartScreen Flaw to Hijack Computers
Hackers actively target and exploit Windows Defender SmartScreen to deceive users and deliver malicious content by creating convincing, misleading websites or applications.
Phemedrone Stealer Targets Windows Defender Flaw Despite Patch
The malware targets browsers, steals crypto wallet and messaging app data, and collects system information
EPSS Score
1% chance of being exploited in the next 30 days.
Timeline
- Vulnerability started trending
- Used in Ransomware
- Public PoC available
- First article discovered by Dark Reading
- Exploit known to exist
- CISA Reported
- Vulnerability published
- Vulnerability Reserved