Patch/Configuration Management

Microsoft patches 3 high-severity bugs under active attack

The Microsoft logo is seen on the facade of a store.

Microsoft patched three high-severity vulnerabilities under active attack on Tuesday, part of its November round of security updates that included a total of 63 bug fixes.

The Patch Tuesday roundup included three critical patches, 56 important fixes and four moderate in severity updates, according to Microsoft. Aside from the zero-day bugs patched by Microsoft, three additional vulnerabilities patched on Tuesday have been made public before the release of the patches, according the SANS Internet Storm Center.

One of the vulnerabilities, tracked as CVE-2023-36036, is an elevation of privileges bug impacting Windows Cloud Files Mini Filter Driver and is rated high severity with a CVSS score of 7.8. Microsoft said attackers are abusing the flaw to gain Windows system-level privileges. 

A second high-severity elevation privilege bug, also actively being exploited (CVE-2023-36033), lays open the Windows DWM Core Library to attack, giving an adversary system-level privileges.

A feature bypass vulnerability is also being exploited in the wild, Microsoft said. Rated high severity (CVSS 8.8), the bug (CVE-2023-36025) impacts the Windows SmartScreen Security Feature. Microsoft said attackers are bypassing the Windows Defender SmartScreen checks and associated prompts. The way in which the bug is abused requires attackers to trick users to click on a malicious shortcut file hyperlink (.url) as part of the attack.

Of note is three of the vulnerabilities under active attack are rated by Microsoft as important, while NIST's National Vulnerability Database rates the same three bugs (CVE-2023-36036, CVE-2023-36025, CVE-2023-36033) as having a Common Vulnerability Scoring System (CVSS) 3.x severity rating of high.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.