Summary
In the first Patch [FIX] Tuesday episode, Automox Director of Security Tom Bowyer and CISO Jason Kikta cover a light November 2023 release that still carried one zero-day worth prioritizing. They prioritize CVE-2023-36025, a Windows SmartScreen bypass that Kikta ties to watered-down EV code-signing standards and that CISA has added to its Known Exploited Vulnerabilities catalog. Bowyer and Kikta also cover CVE-2023-36400, a Hyper-V guest-to-host breakout, and CVE-2023-36422, a Windows Defender privilege escalation that hands attackers SYSTEM access.