1080*80 ad
Home » Blog » Microsoft Addresses Three Actively Exploited Zero-Days

Microsoft Addresses Three Actively Exploited Zero-Days

Benhcmark Administrator Benhcmark Administrator
09/11/2025
0 Views 0
Microsoft Addresses Three Actively Exploited Zero-Days

Urgent Security Alert: Microsoft Patches Three Zero-Day Flaws Under Active Attack

In a significant move to bolster cybersecurity, Microsoft has released critical security updates addressing a trio of zero-day vulnerabilities that are currently being exploited in the wild. These flaws affect core components of the Windows operating system, posing a serious risk to users and organizations who have not yet applied the latest patches.

When a vulnerability is classified as a “zero-day,” it means attackers discovered and began using the exploit before developers could create a fix. The active exploitation of these three distinct vulnerabilities makes installing the latest security updates an immediate priority for all Windows users.

Here’s a breakdown of the critical threats that have been neutralized.

CVE-2023-36025: Windows SmartScreen Security Feature Bypass

This is arguably the most critical vulnerability of the three due to its potential for widespread impact through social engineering.

  • What it is: A security feature bypass in Windows SmartScreen.
  • How it works: An attacker can craft a malicious Internet Shortcut (.url) or hyperlink file that completely bypasses Windows SmartScreen protections. When a user clicks on this file, they will not receive the usual security warnings or prompts that would normally alert them to potentially harmful content.
  • The Threat: This flaw effectively dismantles a key defense layer. Attackers can more easily trick users into running malicious scripts or downloading malware, as the operating system fails to flag the danger. This vulnerability lowers the bar for successful phishing and malware delivery campaigns.

CVE-2023-36033: Windows DWM Core Library Elevation of Privilege Vulnerability

Once an attacker has a foothold on a system, their next goal is often to gain higher-level permissions. This vulnerability provides exactly that opportunity.

  • What it is: An elevation of privilege flaw in the Windows Desktop Window Manager (DWM) Core Library.
  • How it works: An attacker who has already gained basic access to a target system can exploit this vulnerability to elevate their privileges to SYSTEM level.
  • The Threat: Gaining SYSTEM-level privileges is the “holy grail” for an attacker. It gives them complete control over the compromised machine, allowing them to install persistent malware, steal sensitive data, disable security software, and move laterally across a network.

CVE-2023-36036: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Similar to the DWM flaw, this vulnerability is also focused on gaining administrative control over a compromised system.

  • What it is: Another elevation of privilege flaw, this time located in the Windows Cloud Files Mini Filter Driver.
  • How it works: Like the previous flaw, this requires an attacker to already have a presence on the system. By exploiting this vulnerability, they can escalate their access to full SYSTEM privileges.
  • The Threat: The danger here is identical to CVE-2023-36033. Attackers can use this to turn a minor breach into a full-scale system compromise, making it a critical vulnerability for post-exploitation attacks.

Your Immediate Action Plan: How to Protect Your Systems

The fact that all three of these vulnerabilities are being actively used in real-world attacks means there is no time for delay. Proactive measures are essential to secure your digital environment.

  1. Apply Updates Immediately: The single most important action you can take is to install the latest Windows security updates. Navigate to Settings > Update & Security > Windows Update and click “Check for updates.” Ensure the latest cumulative updates are downloaded and installed, then reboot your system. For businesses, IT administrators should prioritize pushing these patches through their deployment systems like WSUS or Configuration Manager.

  2. Maintain User Awareness: The SmartScreen bypass (CVE-2023-36025) heavily relies on a user clicking a malicious link or file. Educate yourself and your teams to be vigilant. Do not open attachments or click links from unknown or untrusted sources, even if they appear harmless.

  3. Enforce the Principle of Least Privilege: The two elevation of privilege vulnerabilities highlight the importance of this security concept. Ensure that user accounts operate with the minimum level of permissions necessary to perform their duties. This can limit the damage an attacker can do even if they successfully exploit a flaw.

  4. Utilize Advanced Endpoint Protection: Modern antivirus and Endpoint Detection and Response (EDR) solutions can often detect and block the malicious activity that follows an exploit, even if the vulnerability itself is new. These tools provide a critical layer of defense against post-exploitation behavior.

In today’s threat landscape, staying on top of security patches is not just a best practice—it’s a fundamental necessity. These actively exploited zero-days are a stark reminder that cybercriminals are constantly searching for any weakness to exploit. Taking swift and decisive action is the only way to stay protected.

Source: https://www.helpnetsecurity.com/2025/10/15/microsoft-patch-tuesday-zero-days-cve-2025-24990-cve-2025-59230-cve-2025-47827/

900*80 ad

Related Articles
      1080*80 ad
      About Hosterdojo

      Hosterdojo reviews server performance, network capabilities, and other related benchmarks. If you are a provider interested in submitting your VPS products, feel free to reach out to me.

      Email: [email protected]
      Telegram Channel: https://t.me/hosterdojo

      Follow

      Useful Link

      Girl in a jacket