November 2023

Episode 01   Published November 14, 2023 15 minute watch

Summary

In the first Patch [FIX] Tuesday episode, Automox Director of Security Tom Bowyer and CISO Jason Kikta cover a light November 2023 release that still carried one zero-day worth prioritizing. They prioritize CVE-2023-36025, a Windows SmartScreen bypass that Kikta ties to watered-down EV code-signing standards and that CISA has added to its Known Exploited Vulnerabilities catalog. Bowyer and Kikta also cover CVE-2023-36400, a Hyper-V guest-to-host breakout, and CVE-2023-36422, a Windows Defender privilege escalation that hands attackers SYSTEM access.