CISA Adds Three Known Exploited Vulnerabilities to Catalog - 20231115004
Overview
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
What is the vulnerability?
CVE-2023-36033 Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability - CVSS v3 Base Score: 7.8
CVE-2023-36025 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability - CVSS v3 Base Score: 8.8
CVE-2023-36036 Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability - CVSS v3 Base Score: 7.8
What has been observed?
CISA added these vulnerabilities to its Known Exploited Vulnerabilities catalog on 2023-11-14.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe (refer to Patch Management):