Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws


Patch Tuesday

Today is Microsoft’s November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities.

While fourteen remote code execution (RCE) bugs were fixed, Microsoft only rated one as critical. The three critical flaws fixed today are an Azure information disclosure bug, an RCE in Windows Internet Connection Sharing (ICS), and a Hyper-V escape flaw that allows the executions of programs on the host with SYSTEM privileges.

The number of bugs in each vulnerability category is listed below:

  • 26 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 45 Remote Code Execution Vulnerabilities
  • 12 Information Disclosure Vulnerabilities
  • 17 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerabilities

The total count of 58 flaws does not include 5 Mariner security updates and 20 Microsoft Edge security updates released earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5032190 cumulative update and Windows 10 KB5032189 cumulative update.

Five zero-days fixed

This month’s Patch Tuesday fixes five zero-day vulnerabilities, with three exploited in attacks and three publicly disclosed.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The three actively exploited zero-day vulnerabilities in today’s updates are:

CVE-2023-36036 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Microsoft has fixed an actively exploited Windows Cloud Files Mini Filter Elevation of Privileges bug.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft.

It is not known how the flaw was abused in attacks or by what threat actor.

The flaw was discovered internally by the Microsoft Threat Intelligence Microsoft Security Response Center.

CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability

Microsoft has fixed an actively exploited and publicly disclosed Windows DWM Core Library vulnerability that can be used to elevate privileges to SYSTEM.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft.

Microsoft says that the flaw was discovered by Quan Jin(@jq0904) with DBAPPSecurity WeBin Lab but did not share details on how they were used in attacks.

CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft has fixed an actively exploited Windows SmartScreen flaw that allows a malicious Internet Shortcut to bypass security checks and warnings.

“The attacker would be able to bypass Windows Defender SmartScreen checks and their associated prompts,” explains Microsoft.

“The user would have to click on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file to be compromised by the attacker,” continues Microsoft.

Microsoft says that the flaw was discovered by Will Metcalf (Splunk), Microsoft Threat Intelligence, and the Microsoft Office Product Group Security Team.

BleepingComputer contacted Splunk about the flaw to learn how it was exploited.

In addition, Microsoft says that two other publicly disclosed zero-day bugs, ‘CVE-2023-36413 – Microsoft Office Security Feature Bypass Vulnerability’ and the ‘CVE-2023-36038 — ASP.NET Core Denial of Service Vulnerability,’ were also fixed as part of today’s Patch Tuesday.

However, Microsoft says that they were not actively exploited in attacks.

Recent updates from other companies

Other vendors who released updates or advisories in November 2023 include:

The November 2023 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the November 2023 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Tag CVE ID CVE Title Severity
.NET Framework CVE-2023-36049 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability Important
ASP.NET CVE-2023-36560 ASP.NET Security Feature Bypass Vulnerability Important
ASP.NET CVE-2023-36038 ASP.NET Core Denial of Service Vulnerability Important
ASP.NET CVE-2023-36558 ASP.NET Core – Security Feature Bypass Vulnerability Important
Azure CVE-2023-36052 Azure CLI REST Command Information Disclosure Vulnerability Critical
Azure CVE-2023-38151 Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability Important
Azure CVE-2023-36021 Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability Important
Azure DevOps CVE-2023-36437 Azure DevOps Server Remote Code Execution Vulnerability Important
Mariner CVE-2020-1747 Unknown Unknown
Mariner CVE-2023-46316 Unknown Unknown
Mariner CVE-2023-46753 Unknown Unknown
Mariner CVE-2020-8554 Unknown Unknown
Mariner CVE-2020-14343 Unknown Unknown
Microsoft Bluetooth Driver CVE-2023-24023 Mitre: CVE-2023-24023 Bluetooth Vulnerability Important
Microsoft Dynamics CVE-2023-36016 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Dynamics CVE-2023-36007 Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability Important
Microsoft Dynamics CVE-2023-36031 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Dynamics CVE-2023-36410 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Dynamics 365 Sales CVE-2023-36030 Microsoft Dynamics 365 Sales Spoofing Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2023-36014 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2023-5996 Chromium: CVE-2023-5996 Use after free in WebAudio Unknown
Microsoft Edge (Chromium-based) CVE-2023-36022 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2023-36027 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2023-36029 Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2023-5480 Chromium: CVE-2023-5480 Inappropriate implementation in Payments Unknown
Microsoft Edge (Chromium-based) CVE-2023-5856 Chromium: CVE-2023-5856 Use after free in Side Panel Unknown
Microsoft Edge (Chromium-based) CVE-2023-5855 Chromium: CVE-2023-5855 Use after free in Reading Mode Unknown
Microsoft Edge (Chromium-based) CVE-2023-5854 Chromium: CVE-2023-5854 Use after free in Profiles Unknown
Microsoft Edge (Chromium-based) CVE-2023-5859 Chromium: CVE-2023-5859 Incorrect security UI in Picture In Picture Unknown
Microsoft Edge (Chromium-based) CVE-2023-5858 Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Provider Unknown
Microsoft Edge (Chromium-based) CVE-2023-5857 Chromium: CVE-2023-5857 Inappropriate implementation in Downloads Unknown
Microsoft Edge (Chromium-based) CVE-2023-5850 Chromium: CVE-2023-5850 Incorrect security UI in Downloads Unknown
Microsoft Edge (Chromium-based) CVE-2023-5849 Chromium: CVE-2023-5849 Integer overflow in USB Unknown
Microsoft Edge (Chromium-based) CVE-2023-5482 Chromium: CVE-2023-5482 Insufficient data validation in USB Unknown
Microsoft Edge (Chromium-based) CVE-2023-5853 Chromium: CVE-2023-5853 Incorrect security UI in Downloads Unknown
Microsoft Edge (Chromium-based) CVE-2023-5852 Chromium: CVE-2023-5852 Use after free in Printing Unknown
Microsoft Edge (Chromium-based) CVE-2023-5851 Chromium: CVE-2023-5851 Inappropriate implementation in Downloads Unknown
Microsoft Edge (Chromium-based) CVE-2023-36024 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important
Microsoft Edge (Chromium-based) CVE-2023-36034 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate
Microsoft Exchange Server CVE-2023-36439 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Exchange Server CVE-2023-36050 Microsoft Exchange Server Spoofing Vulnerability Important
Microsoft Exchange Server CVE-2023-36039 Microsoft Exchange Server Spoofing Vulnerability Important
Microsoft Exchange Server CVE-2023-36035 Microsoft Exchange Server Spoofing Vulnerability Important
Microsoft Office CVE-2023-36413 Microsoft Office Security Feature Bypass Vulnerability Important
Microsoft Office CVE-2023-36045 Microsoft Office Graphics Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2023-36041 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2023-36037 Microsoft Excel Security Feature Bypass Vulnerability Important
Microsoft Office SharePoint CVE-2023-38177 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Remote Registry Service CVE-2023-36423 Microsoft Remote Registry Service Remote Code Execution Vulnerability Important
Microsoft Remote Registry Service CVE-2023-36401 Microsoft Remote Registry Service Remote Code Execution Vulnerability Important
Microsoft WDAC OLE DB provider for SQL CVE-2023-36402 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important
Microsoft Windows Search Component CVE-2023-36394 Windows Search Service Elevation of Privilege Vulnerability Important
Microsoft Windows Speech CVE-2023-36719 Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability Important
Open Management Infrastructure CVE-2023-36043 Open Management Infrastructure Information Disclosure Vulnerability Important
Tablet Windows User Interface CVE-2023-36393 Windows User Interface Application Core Remote Code Execution Vulnerability Important
Visual Studio CVE-2023-36042 Visual Studio Denial of Service Vulnerability Important
Visual Studio Code CVE-2023-36018 Visual Studio Code Jupyter Extension Spoofing Vulnerability Important
Windows Authentication Methods CVE-2023-36047 Windows Authentication Elevation of Privilege Vulnerability Important
Windows Authentication Methods CVE-2023-36428 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Important
Windows Authentication Methods CVE-2023-36046 Windows Authentication Denial of Service Vulnerability Important
Windows Cloud Files Mini Filter Driver CVE-2023-36036 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important
Windows Common Log File System Driver CVE-2023-36424 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows Compressed Folder CVE-2023-36396 Windows Compressed Folder Remote Code Execution Vulnerability Important
Windows Defender CVE-2023-36422 Microsoft Windows Defender Elevation of Privilege Vulnerability Important
Windows Deployment Services CVE-2023-36395 Windows Deployment Services Denial of Service Vulnerability Important
Windows DHCP Server CVE-2023-36392 DHCP Server Service Denial of Service Vulnerability Important
Windows Distributed File System (DFS) CVE-2023-36425 Windows Distributed File System (DFS) Remote Code Execution Vulnerability Important
Windows DWM Core Library CVE-2023-36033 Windows DWM Core Library Elevation of Privilege Vulnerability Important
Windows HMAC Key Derivation CVE-2023-36400 Windows HMAC Key Derivation Elevation of Privilege Vulnerability Critical
Windows Hyper-V CVE-2023-36427 Windows Hyper-V Elevation of Privilege Vulnerability Important
Windows Hyper-V CVE-2023-36407 Windows Hyper-V Elevation of Privilege Vulnerability Important
Windows Hyper-V CVE-2023-36406 Windows Hyper-V Information Disclosure Vulnerability Important
Windows Hyper-V CVE-2023-36408 Windows Hyper-V Elevation of Privilege Vulnerability Important
Windows Installer CVE-2023-36705 Windows Installer Elevation of Privilege Vulnerability Important
Windows Internet Connection Sharing (ICS) CVE-2023-36397 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Critical
Windows Kernel CVE-2023-36405 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2023-36404 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2023-36403 Windows Kernel Elevation of Privilege Vulnerability Important
Windows NTFS CVE-2023-36398 Windows NTFS Information Disclosure Vulnerability Important
Windows Protected EAP (PEAP) CVE-2023-36028 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Important
Windows Scripting CVE-2023-36017 Windows Scripting Engine Memory Corruption Vulnerability Important
Windows SmartScreen CVE-2023-36025 Windows SmartScreen Security Feature Bypass Vulnerability Important
Windows Storage CVE-2023-36399 Windows Storage Elevation of Privilege Vulnerability Important





Source link