Microsoft · Windows · CVE-2023-36025
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions (affected versions not specified)
Description
The vulnerability relates to a security feature bypass in the Windows SmartScreen component, allowing attackers to circumvent security checks and warnings. Exploitation involves tricking users into clicking specially crafted URLs or shortcut (.URL) files that link to attacker-controlled resources. Multiple threat actors have been observed actively exploiting this vulnerability, including campaigns distributing Phemedrone Stealer, Mispadu Stealer, BattleRoyale, and Lumma malware. The vulnerability has been used in phishing attacks and to deliver malicious payloads. The exploitation of this vulnerability has been observed globally, with a significant increase in the use of .URL files in Q4 2023. The vulnerability is tracked as CVE-2023-36025 and has a CVSS score of 8.8.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.