Breaking Down the Latest November 2023 Patch Tuesday Report
The November 2023 Patch Tuesday report has been released, marking another significant monthly event for organizations and individuals to bolster their cybersecurity. This report is crucial for ensuring the ongoing security and stability of the Windows operating system and a range of other software products that are integral to daily operations. In this article, we delve into the essential highlights of the November 2023 Patch Tuesday report, emphasizing the most critical updates and concerns for users and administrators.
In November 2023, Microsoft addressed a total of 58 flaws, including five zero-day vulnerabilities. Of the new patches, three were rated Critical, 56 Important, and four Moderate in severity. The report is notable for fixing a high number of Elevation of Privilege vulnerabilities (16), along with 6 Security Feature Bypass, 15 Remote Code Execution, 6 Information Disclosure, 5 Denial of Service, and 11 Spoofing vulnerabilities.
The three actively exploited zero-day vulnerabilities patched in this update are CVE-2023-36036, CVE-2023-36033, and CVE-2023-36025, which involve the Windows Cloud Files Mini Filter Driver, Windows DWM Core Library, and Windows SmartScreen, respectively. Additionally, CVE-2023-36397, a Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability, stands out as the highest-rated bug for the month with a CVSS of 9.8.
Other critical issues include an information disclosure vulnerability in the Azure Command-Line Interface (CLI) and a privilege escalation vulnerability in the Windows Hash-based Message Authentication Code (HMAC) related to Hyper-V. The report also addresses several security feature bypass (SFB) vulnerabilities in ASP.NET Core, Microsoft Office, Excel, and the On-Prem Data Gateway. Let’s break down what is in the November patches that Microsoft released on 14th November.
Table of contents
· Key Highlights- Patch Tuesday November 2023
· Zero-day Vulnerabilities Patched in November 2023
· Critical Vulnerabilities Patched in November 2023
· Vulnerabilities by Category
· List of Products Patched in November 2023 Patch Tuesday Report
· Complete List of Vulnerabilities Patched in November 2023 Patch Tuesday
∘ Azure vulnerabilities
∘ Browser vulnerabilities
∘ Developer Tools vulnerabilities
∘ ESU Windows vulnerabilities
∘ Exchange Server vulnerabilities
∘ Microsoft Dynamics vulnerabilities
∘ Microsoft Office vulnerabilities
∘ System Center vulnerabilities
∘ Windows vulnerabilities
· Bottom Line
Key Highlights- Patch Tuesday November 2023
In November’s Patch Tuesday, Microsoft addressed 58 flaws, including five zero-day vulnerabilities, with three of them actively exploited in the wild. This update included patches for a variety of vulnerability types such as privilege escalation bugs, information disclosure issues, spoofing weaknesses, security feature bypasses, remote code execution flaws, and denial of service vulnerabilities.
The key affected products in this update span across Microsoft’s product range, including Windows, Azure, Microsoft Edge, Office, Exchange Server, and others. It is crucial for administrators and end users to apply these security updates promptly to protect their systems from these vulnerabilities.
The key highlights are:
- Total Flaws and Zero-Day Vulnerabilities: The November update includes 58 flaws, with five zero-day vulnerabilities, three of which were actively exploited.
- Critical Flaws: Among the patches, three critical flaws were fixed, including an Azure information disclosure bug, an RCE in Windows Internet Connection Sharing (ICS), and a Hyper-V escape flaw.
- Variety of Vulnerability Types: The vulnerabilities addressed include 16 Elevation of Privilege vulnerabilities, 6 Security Feature Bypass vulnerabilities, 15 Remote Code Execution vulnerabilities, 6 Information Disclosure vulnerabilities, 5 Denial of Service vulnerabilities, and 11 Spoofing vulnerabilities.
- Actively Exploited Zero-Days: The actively exploited zero-day vulnerabilities patched include CVE-2023-36036, CVE-2023-36033, and CVE-2023-36025, affecting Windows Cloud Files Mini Filter Driver, Windows DWM Core Library, and Windows SmartScreen.
- Noteworthy Critical-Rated Bugs: Other critical-rated bugs include an information disclosure in the Azure Command-Line Interface (CLI), a privilege escalation in the Windows HMAC that could allow a guest on Hyper-V to execute code on the host OS, and a CVE in Windows Pragmatic General Multicast (PGM).
- Security Feature Bypass Vulnerabilities: There were patches for various security feature bypass bugs, including those in ASP.NET Core, Office, Excel, and the On-Prem Data Gateway.
This November’s Patch Tuesday highlights Microsoft’s ongoing commitment to securing its wide range of products against ever-evolving cybersecurity threats.
Zero-day Vulnerabilities Patched in November 2023
In November 2023, Microsoft addressed a spectrum of security issues, including five critical zero-day vulnerabilities, three of which were being actively exploited (CVE-2023-36036, CVE-2023-36033, and CVE-2023-36025). These vulnerabilities were particularly significant because they had been disclosed or exploited before a patch was available, posing an immediate risk to affected systems.
CVE-2023-36413 (Microsoft Office Security Feature Bypass Vulnerability):
This vulnerability allowed attackers to bypass security features in Microsoft Office, potentially letting them open malicious files in editing mode rather than the restricted Protected View. This could lead to further exploits such as macro-based attacks or other forms of malware execution. The attackers would need to convince a user to open a specially crafted file to leverage this vulnerability, which underscores the importance of caution with email attachments and downloads from untrusted sources.
CVE-2023-36036 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability):
The Windows Cloud Files Mini Filter Driver vulnerability could allow an attacker to gain SYSTEM privileges by exploiting the filter driver’s functions. A successful exploit could enable an attacker to execute code with elevated privileges, essentially giving them full control over the affected system. This type of access could be used for further malicious activities, including data theft, spreading ransomware, or creating persistent access to the compromised environment.
CVE-2023-36038 (ASP.NET Core Denial of Service Vulnerability):
Affecting the ASP.NET Core framework, this vulnerability could lead to a denial of service (DoS) condition. By exploiting this flaw, an attacker could send specially crafted HTTP requests that would disrupt the service, potentially making the web application unavailable to legitimate users. The disruption caused by such an attack could have significant implications for businesses, resulting in downtime and loss of productivity.
CVE-2023-36033 (Windows DWM Core Library Elevation of Privilege Vulnerability):
This vulnerability was found in the Desktop Window Manager (DWM) and could allow an attacker to perform an elevation of privilege. By exploiting this flaw, an attacker could execute arbitrary code with elevated permissions. The DWM is responsible for visual effects on the desktop, and compromising this component could lead to various malicious activities, including surveillance or further system compromise.
CVE-2023-36025 (Windows SmartScreen Security Feature Bypass Vulnerability):
The Windows SmartScreen filter is designed to warn users about running unrecognized applications or files from the internet. This vulnerability allowed attackers to bypass those warnings, which could lead to users inadvertently executing malicious software. This kind of bypass is particularly dangerous because it undermines a key defense mechanism that many users rely on to prevent malware infections.
Critical Vulnerabilities Patched in November 2023
Microsoft’s November 2023 security updates addressed one critical and two high severity vulnerabilities that could be remotely exploited without user interaction. These flaws represent significant risks that malicious actors could leverage in attacks. Promptly patching critical issues should be a top priority for security teams.
One concerning bug is CVE-2023-36397, a remote code execution flaw in Windows Pragmatic General Multicast rated CVSSv3 9.8. Another critical bug is CVE-2023-36052, an Azure CLI information disclosure vulnerability that could reveal plaintext passwords and usernames from log files. Also high severity is CVE-2023-36400, a Windows HMAC key derivation elevation of privilege bug enabling takeover of Hyper-V virtual machines.
With remote exploitation and no user interaction required, these critical vulnerabilities open doorways for serious compromise by attackers. Their high CVSSv3 scores reflect the urgent need to apply fixes before threats leverage them. Prioritizing critical and high severity patches reduces exposure to the most dangerous risks.
Vulnerabilities by Category
In total, 58 vulnerabilities were addressed in November’s Patch Tuesday, with remote code execution being a notable vulnerability type patched by Microsoft, occurring 15 times. Elevation of privilege bugs also accounted for a significant portion of the flaws fixed, with 16 occurrences. The least common vulnerability category was denial of service, with 5 such flaws patched in November. Please refer to the below chart for complete details on all categories of vulnerabilities:
Here is a table with the vulnerability categories and associated CVE IDs from Microsoft’s November 2023 Patch Tuesday:
List of Products Patched in November 2023 Patch Tuesday Report
Microsoft’s November 2023 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:
Complete List of Vulnerabilities Patched in November 2023 Patch Tuesday
Download the complete list of vulnerabilities by products patched in November 2023 Patch Tuesday here.
Azure vulnerabilities
Browser vulnerabilities
Developer Tools vulnerabilities
ESU Windows vulnerabilities
Exchange Server vulnerabilities
Microsoft Dynamics vulnerabilities
Microsoft Office vulnerabilities
System Center vulnerabilities
Windows vulnerabilities
Bottom Line
Microsoft’s November 2023 Patch Tuesday delivered fixes for 58 vulnerabilities, including 5 zero-day threats and critical issues affecting Windows, Azure, and other key products.
This release saw a broad scope of vulnerabilities addressed, with a particular focus on Elevation of Privilege, which accounted for 16 of the vulnerabilities, and Remote Code Execution, with 15 instances being patched. Among the zero-days, three were actively exploited, underscoring the urgency for immediate patching.
Critical vulnerabilities this month include a Hyper-V escape flaw, an Azure CLI information disclosure, and a Windows PGM remote code execution vulnerability, each representing a significant threat to network security. Furthermore, critical remote code execution vulnerabilities in core Windows components were also addressed, alongside other information disclosure and denial of service issues.
This post was originally published at thesecmaster.com.