CVE-2023-36025

Vulnerability updated 25 days ago (2024-08-14T09:33:38.062Z)
CVE-2023-36025 is a significant vulnerability in the Windows SmartScreen security feature. It was one of three zero-day vulnerabilities discovered together, the others being CVE-2023-36033, a privilege escalation vulnerability in the Windows DWM Core Library, and CVE-2023-36036, another privilege escalation vulnerability affecting the Windows Cloud Files Mini Filter Driver. This flaw allows threat actors to bypass SmartScreen's security warnings when a user opens a malicious Internet Shortcut (.url) file. Although Microsoft issued a patch for this vulnerability in November 2023, it continues to be exploited by malware distributors.

The exploitation of CVE-2023-36025 has been linked to various malware campaigns, including the delivery of powerful info-stealers such as DarkGate, Phemedrone Stealer, and Mispadu. In particular, a variant of the Phemedrone Stealer has been actively exploiting this flaw to bypass Windows security prompts when opening URL files. Researchers at Trend Micro were among those who discovered and reported this flaw to Microsoft, highlighting its critical nature because it affects all supported Windows versions.

Given the public disclosure of technical details and the availability of proof-of-concept exploit code on the web, organizations that have not updated their systems to the latest patched version are at increased risk. To mitigate the risk posed by the Microsoft Windows Defender SmartScreen Bypass (CVE-2023-36025), organizations are strongly urged to update their Microsoft Windows installations. The continued exploitation of this vulnerability underlines the importance of timely system updates and robust cybersecurity practices.
Description last updated: 2024-08-14T08:44:38.188Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Vulnerability, Microsoft, Malware, Windows, Exploit, Trojan, Styx
Analyst Notes & Discussion
Associated Malware
ID | Type | Votes | Profile Description
Phemedrone Stealer | Unspecified | 6 | Phemedrone Stealer is a type of malware that infiltrates systems to extract sensitive data. It has been found to have similar functionalities to another malware known as Styx Stealer, as evidenced by the country checks, anti-analysis function, and anti-VM checks in both malware families, according to Figure
Phemedrone | Unspecified | 5 | Phemedrone is a malicious software (malware) that has been designed to exploit and damage computer systems. This malware operates by infiltrating systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once it gains access, Phemedrone can steal personal informa
Mispadu | Unspecified | 2 | Mispadu is a malicious software (malware) that has been used to exploit and damage computer systems, often infiltrating the system through suspicious downloads, emails, or websites. It was first uncovered by ESET in 2019, which detailed its theft of money and credentials from Spanish- and Portuguese-s
Darkgate | Unspecified | 2 | DarkGate is a malicious software (malware) designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. Once embedded in a system, DarkGate can steal personal information, disrupt operations, or hold data for ransom. Recently, the malware was
Associated Threat Actors
ID | Type | Votes | Profile Description
Battleroyal | Unspecified | 3 | BattleRoyal, a threat actor group, has been observed using a variety of attack channels to deliver the DarkGate remote access trojan (RAT). These include phishing emails, fake browser updates, traffic distribution systems (TDSs), malicious VBScript, steganography, and notably, a Windows SmartScreen
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-36033 | Unspecified | 2 | CVE-2023-36033 is a high-severity privilege escalation vulnerability discovered in the Windows Desktop Window Manager (DWM) Core Library. This flaw was detected as one of the zero-days being exploited in the wild, along with two other vulnerabilities (CVE-2023-36025 and CVE-2023-36036). An attacker
CVE-2023-36036 | Unspecified | 2 | None
Source Document References
Information about the CVE-2023-36025 vulnerability was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
DARKReading | 17 days ago | 'Styx Stealer' Blows Its Own Cover With Sloppy OpSec Mistake
Checkpoint | 22 days ago | Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
CERT-EU | 8 months ago | Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Checkpoint | 2 months ago | Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112) - Check Point Research
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini