CVE-2023-36025

Vulnerability updated 23 days ago (2024-11-29T13:37:49.404Z)
CVE-2023-36025 is a significant security feature bypass vulnerability in Windows SmartScreen. It was one of three zero-day vulnerabilities disclosed together, the others being CVE-2023-36033, a privilege escalation vulnerability in the Windows DWM Core Library, and CVE-2023-36036, a privilege escalation vulnerability in the Windows Cloud Files Mini Filter Driver. The flaw lets threat actors bypass SmartScreen's security checks when a user opens a malicious Internet Shortcut (.url) file. Although Microsoft issued a patch in November 2023, the vulnerability continues to be exploited by malware distributors.

Exploitation of CVE-2023-36025 has been linked to several malware campaigns, including the delivery of capable information stealers such as DarkGate, Phemedrone Stealer, and Mispadu. In particular, a variant of Phemedrone Stealer has actively exploited the flaw to bypass Windows security prompts when opening .url files. Researchers at Trend Micro were among those who discovered and reported the flaw to Microsoft; its severity stems from the fact that it affects all supported Windows versions.

Because technical details have been publicly disclosed and proof-of-concept exploit code exists on the web, organizations that have not updated to the patched version are at increased risk. To mitigate the Microsoft Windows Defender SmartScreen bypass (CVE-2023-36025), organizations are strongly urged to update their Windows installations. The continued exploitation of this vulnerability underlines the importance of timely system updates and robust cybersecurity practices.
Description last updated: 2024-08-14T08:44:38.188Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Microsoft
Malware
Windows
Exploit
Trojan
Styx
Associated Malware
Alias: Phemedrone Stealer
Association Type: Unspecified
Votes: 6
Description: The Phemedrone Stealer Malware is associated with CVE-2023-36025. Phemedrone Stealer is malicious software (malware) that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malware can infect systems through suspicious downloads, emails, or websites, often without the user's knowledge. It was observ

Alias: Phemedrone
Association Type: Unspecified
Votes: 5
Description: The Phemedrone Malware is associated with CVE-2023-36025. Phemedrone is a type of malware, or malicious software, that can infiltrate systems through various channels such as suspicious downloads, emails, or websites. Once inside a system, it can wreak havoc by stealing personal information, disrupting operations, or even holding data hostage for ransom. I

Alias: Mispadu
Association Type: Unspecified
Votes: 2
Description: The Mispadu Malware is associated with CVE-2023-36025. Mispadu is malicious software (malware) that has been used to exploit and damage computer systems, often infiltrating the system through suspicious downloads, emails, or websites. It was first uncovered by ESET in 2019, who detailed its theft of money and credentials from Spanish- and Portuguese-s

Alias: DarkGate
Association Type: Unspecified
Votes: 2
Description: The DarkGate Malware is associated with CVE-2023-36025. DarkGate is a multifunctional malware that poses significant threats to computer systems and networks. It has been associated with various malicious activities such as information theft, credential stealing, cryptocurrency theft, and ransomware delivery. DarkGate infiltrates systems through suspicio
Associated Threat Actors
Alias: BattleRoyal
Association Type: Unspecified
Votes: 3
Description: The BattleRoyal Threat Actor is associated with CVE-2023-36025. BattleRoyal, a threat actor group, has been observed using a variety of attack channels to deliver the DarkGate remote access trojan (RAT). These include phishing emails, fake browser updates, traffic distribution systems (TDSs), malicious VBScript, steganography, and notably, a Windows SmartScreen
Associated Vulnerabilities
Alias: CVE-2023-36033
Association Type: Unspecified
Votes: 2
Description: The CVE-2023-36033 Vulnerability is associated with CVE-2023-36025. CVE-2023-36033 is a significant privilege escalation vulnerability found in the Windows Desktop Window Manager (DWM) Core Library. This flaw was discovered as a zero-day vulnerability, meaning it was actively exploited before Microsoft could provide a patch. The exploit allows an attacker who succes

Alias: CVE-2023-36036
Association Type: Unspecified
Votes: 2
Description: The vulnerability CVE-2023-36036 is associated with CVE-2023-36025.
Source Document References
Information about the CVE-2023-36025 vulnerability was read from the document corpus listed below. This display is limited to 20 results.
Source | Created At
DARKReading | 4 months ago
Checkpoint | 4 months ago
Securityaffairs | 4 months ago
Securityaffairs | 5 months ago
CERT-EU | a year ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Checkpoint | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 6 months ago
Securityaffairs | 6 months ago
Securityaffairs | 6 months ago
Securityaffairs | 7 months ago
Securityaffairs | 8 months ago
Securityaffairs | 8 months ago
Securityaffairs | 8 months ago
Securityaffairs | 8 months ago
Securityaffairs | 9 months ago
Securityaffairs | 9 months ago