Cyber Security News

Hackers Exploiting Windows SmartScreen Zero-day Flaw to Deploy Remcos RAT

Microsoft released multiple security patches as part of its Patch Tuesday, including fixes for three zero-day vulnerabilities. One of these zero-days was CVE-2023-36025, which affected the Windows SmartScreen function.

This vulnerability was given a severity rating of 8.8 (High) and was actively exploited by threat actors in the wild. It was reported to be a security bypass vulnerability that an unauthorized threat actor can exploit, although successful exploitation requires user interaction.

Windows SmartScreen Zero-day Vulnerability

SmartScreen guards against untrusted sources, warning users about potentially malicious websites and files. 

This vulnerability allows a threat actor to craft special files or hyperlinks that could bypass SmartScreen’s security warnings.

Exploitation of this vulnerability was associated with a crafted Internet Shortcut file (.URL), which SmartScreen does not properly validate.

Exploit Code Example

A crafted file that can exploit this vulnerability can be found below


The URL in the file points to a malicious website, and the IconFile path can point to a network location controlled by the threat actor. With these parameters, a threat actor could download malicious payloads and execute them on vulnerable systems.
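For defenders, the two fields described above are the ones to inspect when triaging a downloaded .URL file. The following Python triage script is an added example, not code from the original article or from Microsoft; the function names, the sample files and the heuristics (flagging a URL target that is not http(s) and an IconFile on a network location) are assumptions made for illustration.

```python
import configparser
import re
from urllib.parse import urlsplit

UNC_RE = re.compile(r"^[\\/]{2}[^\\/]+[\\/]")           # \\host\share\...
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]+:")   # 2+ chars, so C: is not a scheme

# Constructed samples (reserved example domains), not taken from any real attack.
BENIGN = r"""
[InternetShortcut]
URL=https://www.example.com/docs
IconFile=C:\Windows\System32\shell32.dll
IconIndex=3
"""
SUSPICIOUS = r"""
[InternetShortcut]
URL=https://portal.example.test/invoice
IconFile=\\files.example.test\share\icon.ico
"""

def parse_shortcut(text):
    """Return the [InternetShortcut] keys (lower-cased) of a .URL file body."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text.lstrip("\ufeff"))   # tolerate a leading BOM
    except configparser.Error:
        return {}                                # malformed INI: treat as no keys
    for name in cp.sections():
        if name.lower() == "internetshortcut":   # match the section name case-insensitively
            return dict(cp[name])
    return {}

def is_remote(path):
    """True when the path is a UNC share or carries a URL scheme."""
    return bool(UNC_RE.match(path) or SCHEME_RE.match(path))

def triage(text):
    """List the reasons a .URL file deserves a closer look (empty list = none)."""
    keys = parse_shortcut(text)
    url, icon = keys.get("url", ""), keys.get("iconfile", "")
    findings = []
    if not url:
        findings.append("no URL key: not a usable Internet Shortcut")
    elif urlsplit(url).scheme.lower() not in ("http", "https"):
        findings.append(f"URL target is not http(s): {url}")   # assumption: heuristic
    if icon and is_remote(icon):
        findings.append(f"IconFile points to a network location: {icon}")
    return findings

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, triage(body) or "no findings")
```

A finding is a reason to look closer at the file and where it came from, not a verdict that it is malicious.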

Moreover, the initial delivery of this malicious file could be through phishing emails or compromised websites. If the user downloads and clicks on the malicious internet shortcut file, the payload gets executed, providing access to a threat actor.

A complete proof of concept for this vulnerability has been published, with details of the source code and the method.



Eswar is a cyber security reporter with a passion for creating captivating and informative content. With years of experience in cyber security, he reports on data breaches, privacy and APT threats.
