A new information-stealing malware called Phemedrone is exploiting a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts and harvest data from web browsers, cryptocurrency wallets, and various software applications. The flaw, fixed during November 2023 Patch Tuesday, allows attackers to trick victims into opening malicious URL files, leading to the execution of a PowerShell loader and the theft of sensitive information. Trend Micro reports that Phemedrone targets a wide range of applications and data, and has published indicators of compromise for this campaign.
Microsoft has identified a Russia-based threat actor behind the exploitation of a critical vulnerability in its Outlook software. The company has urged all customers to update Microsoft Outlook for Windows to remain secure. The vulnerability is a critical privilege escalation issue that is triggered when an attacker sends a message containing an extended MAPI property with a UNC path to an SMB share on a threat actor-controlled server. Microsoft has also flagged a second vulnerability for urgent attention and warned that attackers are continuing to actively bypass its SmartScreen security feature.
Microsoft released updates to fix at least 74 security bugs in its Windows operating systems and software, including two zero-day flaws being actively attacked. One of the flaws is an Outlook vulnerability affecting all versions of Microsoft Outlook from 2013 to the newest, which can be exploited without any user interaction. The other flaw is a "Security Feature Bypass" in Windows SmartScreen. Seven other vulnerabilities Microsoft patched this week earned its most-dire "critical" severity label. Adobe also released eight patches addressing 105 security holes across a variety of products.
Microsoft has released security updates for at least 80 Windows flaws, including a critical-severity issue in Microsoft Outlook (CVE-2023-23397) that has been exploited in zero-day attacks. The company also warned of a second vulnerability (CVE-2023-24880) that attackers are actively exploiting to bypass its SmartScreen security feature. Meanwhile, Adobe has issued an urgent warning about “very limited attacks” exploiting a zero-day vulnerability in its Adobe ColdFusion web app development platform.