Though the threat may be patched up by Windows, you could still be at risk for this Windows SmartScreen malware threat. Kurt “CyberGuy" Knutsson discusses the issue.

A Microsoft Defender SmartScreen vulnerability patched in November has found fresh active exploitation in a Phemedrone information-stealing malware campaign, according to cybersecurity research ...

The vulnerability in question impacts Microsoft Windows Defender SmartScreen, resulting from inadequate checks on Internet Shortcut (.url) files. Threat actors leverage this loophole by creating .url ...

This Common Vulnerability Enumeration (CVE) relates to Microsoft Windows Defender SmartScreen and how it handles Internet Shortcut .url files.

So far, it's looking like the useful phishing protections enabled by a Microsoft Defender SmartScreen capability are just for Windows 11 users, starting with version 22H2.

The flaw, which is actively being attacked, could allow a harmful URL file to bypass the usual security checks and prompts provided by Windows Defender SmartScreen.

It can also be exploited locally, with low complexity and without the need for high-level privileges or user interaction. The final zero-day of the trio is CVE-2023-36025, a security feature bypass ...

It's called Smart App Control and it's kind of like Windows Defender SmartScreen on steroids. This new feature aims to prevent malicious apps from being installed by unwitting users.

The feature is available on all major web browsers, and it denies attempts to access blocked content via Windows Defender SmartScreen (on Microsoft Edge) and Network Protection (on Chrome, Firefox ...