image credit: Unsplash

Another month, another bunch of fixes for Microsoft security bugs exploited in the wild

November 15, 2023

Heads up: Microsoft’s November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild.

First of that trio is CVE-2023-36033: a Windows Desktop Manager (WDM) Core Library elevation-of-privilege vulnerability. This one, an “important” 7.8-of-10-CVSS-rated bug, is not only listed as exploited by miscreants, the method of exploitation also been publicly disclosed.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” according to Redmond. That means rogue software and users on a vulnerable Windows box can take over the whole thing with this flaw. We’d expect to hear more about who is abusing this hole and how widespread the attacks are in the near future.

Read More on The Register