Windows SmartScreen Security Feature Bypass Vulnerability
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows server 2008 r2 |
||
microsoft windows server 2012 r2 |
||
microsoft windows server 2016 - |
||
microsoft windows server 2012 - |
||
microsoft windows server 2019 - |
||
microsoft windows server 2008 - |
||
microsoft windows server 2022 - |
||
microsoft windows 11 22h2 - |
||
microsoft windows 10 1607 - |
||
microsoft windows 10 1809 - |
||
microsoft windows 10 21h2 - |
||
microsoft windows 10 22h2 - |
||
microsoft windows 11 21h2 - |
||
microsoft windows 10 1507 - |
||
microsoft windows 11 23h2 - |
Microsoft fixes two Windows zero-days exploited in malware attacks By Sergiu Gatlan April 9, 2024 06:06 PM 0 Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. The first, tracked as CVE-2024-26234 and described as a proxy driver spoofing vulnerability, was issued to track a malicious driver signed using a valid Microsoft Hardware Publisher Certificate that was found by Sophos X-O...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc
Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak. The malware abuses CVE-2023-36025, which Microsoft patched in November. Specifically, the flaw allows Phemedrone and other malicious software to sidestep protections in Windows that are supposed to help users avoid running hostile code. Whe...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Plus: VMware closes critical hole, Adobe fixes a whopping 76 flaws
Patch Tuesday Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild. First of that trio is CVE-2023-36033: a Windows Desktop Manager (WDM) Core Library elevation-of-privilege vulnerability. This one, an "important" 7.8-of-10-CVSS-rated bug, is not only listed as exploited by miscreants, the method of exploitation also been publicly disclosed. "An attacker who successfully exploited th...