Heads up: Microsoft’s November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild.
First of that trio is CVE-2023-36033: a Windows Desktop Manager (WDM) Core Library elevation-of-privilege vulnerability. This one, an “important” 7.8-of-10-CVSS-rated bug, is not only listed as exploited by miscreants, the method of exploitation also been publicly disclosed.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” according to Redmond. That means rogue software and users on a vulnerable Windows box can take over the whole thing with this flaw. We’d expect to hear more about who is abusing this hole and how widespread the attacks are in the near future.