Executive summary

Financially motivated threat actors are currently exploiting a critical vulnerability in unpatched versions of Windows SmartScreen. The vulnerability which is under exploitation was patched in Microsoft’s November patch Tuesday. Since its patch, a proof of concept exploiting the vulnerability in Windows SmartScreen has become publicly available.

What’s the risk to me or my business?

Windows SmartScreen is a security feature that prevents potentially harmful malware from running.  It checks applications or files to ensure that they are safe; if they are not deemed to be safe, it will give the users the option to cancel running them. The now publicly available exploit allows an attacker to cause a victim to automatically run malware, bypassing SmartScreen checks and therefore impacting the confidentiality, integrity, and availability of data. For an attacker to be able to exploit, all they would need is a user to click on a malicious URL.

What can I do?

Black Arrow recommends applying the patches made available by Microsoft immediately, which can be found in our blog post detailed below. Organisations running unpatched versions are leaving themselves at risk of exploitation.

Technical Summary

CVE-2023-36025- A security bypass vulnerability in Windows SmartScreen

Further information can be found here:

https://www.blackarrowcyber.com/blog/advisory-15-november-2023-microsoft-adobe-fortinet-vmware-wordpress-updates

https://www.ghacks.net/2023/04/11/microsoft-windows-security-updates-april-2023-what-you-need-to-know-before-installation/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity