Breaking Down the Latest November 2023 Patch Tuesday Report

The November 2023 Patch Tuesday report has been released, marking another significant monthly event for organizations and individuals to bolster their cybersecurity. This report is crucial for ensuring the ongoing security and stability of the Windows operating system and a range of other software products that are integral to daily operations. In this article, we delve into the essential highlights of the November 2023 Patch Tuesday report, emphasizing the most critical updates and concerns for users and administrators.

In November 2023, Microsoft addressed a total of 58 flaws, including five zero-day vulnerabilities. Of the new patches, three were rated Critical, 56 Important, and four Moderate in severity. The report is notable for fixing a high number of Elevation of Privilege vulnerabilities (16), along with 6 Security Feature Bypass, 15 Remote Code Execution, 6 Information Disclosure, 5 Denial of Service, and 11 Spoofing vulnerabilities.

The three actively exploited zero-day vulnerabilities patched in this update are CVE-2023-36036, CVE-2023-36033, and CVE-2023-36025, which involve the Windows Cloud Files Mini Filter Driver, Windows DWM Core Library, and Windows SmartScreen, respectively. Additionally, CVE-2023-36397, a Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability, stands out as the highest-rated bug for the month with a CVSS of 9.8.

Other critical issues include an information disclosure vulnerability in the Azure Command-Line Interface (CLI) and a privilege escalation vulnerability in the Windows Hash-based Message Authentication Code (HMAC) related to Hyper-V. The report also addresses several security feature bypass (SFB) vulnerabilities in ASP.NET Core, Microsoft Office, Excel, and the On-Prem Data Gateway. Let’s break down what is in the November patches that Microsoft released on 14th November.

Key Highlights: Patch Tuesday November 2023

In November’s Patch Tuesday, Microsoft addressed 58 flaws, including five zero-day vulnerabilities, with three of them actively exploited in the wild. This update included patches for a variety of vulnerability types such as privilege escalation bugs, information disclosure issues, spoofing weaknesses, security feature bypasses, remote code execution flaws, and denial of service vulnerabilities.

The key affected products in this update span across Microsoft’s product range, including Windows, Azure, Microsoft Edge, Office, Exchange Server, and others. It is crucial for administrators and end users to apply these security updates promptly to protect their systems from these vulnerabilities.

The key highlights are:

  1. Total Flaws and Zero-Day Vulnerabilities: The November update includes 58 flaws, with five zero-day vulnerabilities, three of which were actively exploited.
  2. Critical Flaws: Among the patches, three critical flaws were fixed, including an Azure information disclosure bug, an RCE in Windows Internet Connection Sharing (ICS), and a Hyper-V escape flaw.
  3. Variety of Vulnerability Types: The vulnerabilities addressed include 16 Elevation of Privilege vulnerabilities, 6 Security Feature Bypass vulnerabilities, 15 Remote Code Execution vulnerabilities, 6 Information Disclosure vulnerabilities, 5 Denial of Service vulnerabilities, and 11 Spoofing vulnerabilities.
  4. Actively Exploited Zero-Days: The actively exploited zero-day vulnerabilities patched include CVE-2023-36036, CVE-2023-36033, and CVE-2023-36025, affecting Windows Cloud Files Mini Filter Driver, Windows DWM Core Library, and Windows SmartScreen.
  5. Noteworthy Critical-Rated Bugs: Other critical-rated bugs include an information disclosure in the Azure Command-Line Interface (CLI), a privilege escalation in the Windows HMAC that could allow a guest on Hyper-V to execute code on the host OS, and a CVE in Windows Pragmatic General Multicast (PGM).
  6. Security Feature Bypass Vulnerabilities: There were patches for various security feature bypass bugs, including those in ASP.NET Core, Office, Excel, and the On-Prem Data Gateway.

This November’s Patch Tuesday highlights Microsoft’s ongoing commitment to securing its wide range of products against ever-evolving cybersecurity threats.

Zero-day Vulnerabilities Patched in November 2023

In November 2023, Microsoft addressed a spectrum of security issues, including five critical zero-day vulnerabilities, three of which were actively being exploited (CVE-2023-36036, CVE-2023-36033, and CVE-2023-36025). These vulnerabilities were particularly significant because they had been disclosed or exploited before a patch was available, posing an immediate risk to affected systems.

CVE-2023-36413 (Microsoft Office Security Feature Bypass Vulnerability):

This vulnerability allowed attackers to bypass security features in Microsoft Office, potentially letting them open malicious files in editing mode rather than the restricted Protected View. This could lead to further exploits such as macro-based attacks or other forms of malware execution. The attackers would need to convince a user to open a specially crafted file to leverage this vulnerability, which underscores the importance of caution with email attachments and downloads from untrusted sources.

CVE-2023-36036 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability):

The Windows Cloud Files Mini Filter Driver vulnerability could allow an attacker to gain SYSTEM privileges by exploiting the filter driver’s functions. A successful exploit could enable an attacker to execute code with elevated privileges, essentially giving them full control over the affected system. This type of access could be used for further malicious activities, including data theft, spreading ransomware, or creating persistent access to the compromised environment.

CVE-2023-36038 (ASP.NET Core Denial of Service Vulnerability):

Affecting the ASP.NET Core framework, this vulnerability could lead to a denial of service (DoS) condition. By exploiting this flaw, an attacker could send specially crafted HTTP requests that would disrupt the service, potentially making the web application unavailable to legitimate users. The disruption caused by such an attack could have significant implications for businesses, resulting in downtime and loss of productivity.

CVE-2023-36033 (Windows DWM Core Library Elevation of Privilege Vulnerability):

This vulnerability was found in the Desktop Window Manager (DWM) and could allow an attacker to perform an elevation of privilege. By exploiting this flaw, an attacker could execute arbitrary code with elevated permissions. The DWM is responsible for visual effects on the desktop, and compromising this component could lead to various malicious activities, including surveillance or further system compromise.

CVE-2023-36025 (Windows SmartScreen Security Feature Bypass Vulnerability):

The Windows SmartScreen filter is designed to warn users about running unrecognized applications or files from the internet. This vulnerability allowed attackers to bypass those warnings, which could lead to users inadvertently executing malicious software. This kind of bypass is particularly dangerous because it undermines a key defense mechanism that many users rely on to prevent malware infections.

Critical Vulnerabilities Patched in November 2023

Microsoft’s November 2023 security updates addressed one critical and two high severity vulnerabilities that could be remotely exploited without user interaction. These flaws represent significant risks that malicious actors could leverage in attacks. Promptly patching critical issues should be a top priority for security teams.

One concerning bug is CVE-2023-36397, a remote code execution flaw in Windows Pragmatic General Multicast rated CVSSv3 9.8. Another critical bug is CVE-2023-36052, an Azure CLI information disclosure vulnerability that could reveal plaintext passwords and usernames from log files. Also high severity is CVE-2023-36400, a Windows HMAC key derivation elevation of privilege bug enabling takeover of Hyper-V virtual machines.

With remote exploitation and no user interaction required, these critical vulnerabilities open doorways for serious compromise by attackers. Their high CVSSv3 scores reflect the urgent need to apply fixes before threats leverage them. Prioritizing critical and high severity patches reduces exposure to the most dangerous risks.

| CVE ID | Description | CVSSv3 | Severity |
| --- | --- | --- | --- |
| CVE-2023-36397 | Windows Pragmatic General Multicast Remote Code Execution | 9.8 | Critical |
| CVE-2023-36052 | Azure CLI Information Disclosure | 8.6 | High |
| CVE-2023-36400 | Windows HMAC Key Derivation Elevation of Privilege | 8.8 | High |

Vulnerabilities by Category

In total, 58 vulnerabilities were addressed in November’s Patch Tuesday, with remote code execution being a notable vulnerability type patched by Microsoft, occurring 15 times. Elevation of privilege bugs also accounted for a significant portion of the flaws fixed, with 16 occurrences. The least common vulnerability category was denial of service, with 5 such flaws patched in November. Please refer to the chart below for complete details on all categories of vulnerabilities:

Vulnerability Category from the November 2023 Patch Tuesday report

Here is a table with the vulnerability categories and associated CVE IDs from Microsoft’s November 2023 Patch Tuesday:

| Vulnerability Category | CVE IDs |
| --- | --- |
| Elevation of Privilege Vulnerability | CVE-2023-36024, CVE-2023-36027, CVE-2023-36033, CVE-2023-36036, CVE-2023-36047, CVE-2023-36049, CVE-2023-36394, CVE-2023-36399, CVE-2023-36400, CVE-2023-36403, CVE-2023-36405, CVE-2023-36407, CVE-2023-36408, CVE-2023-36422, CVE-2023-36424, CVE-2023-36427, CVE-2023-36705, CVE-2023-36719 |
| Security Feature Bypass Vulnerability | CVE-2023-36021, CVE-2023-36025, CVE-2023-36037, CVE-2023-36413, CVE-2023-36558, CVE-2023-36560, CVE-2023-5850, CVE-2023-5853, CVE-2023-5858, CVE-2023-5859 |
| Remote Code Execution Vulnerability | CVE-2023-36014, CVE-2023-36017, CVE-2023-36022, CVE-2023-36028, CVE-2023-36034, CVE-2023-36041, CVE-2023-36045, CVE-2023-36393, CVE-2023-36396, CVE-2023-36397, CVE-2023-36401, CVE-2023-36402, CVE-2023-36423, CVE-2023-36425, CVE-2023-36437, CVE-2023-36439, CVE-2023-38151, CVE-2023-38177, CVE-2023-5480, CVE-2023-5482, CVE-2023-5849, CVE-2023-5851, CVE-2023-5852, CVE-2023-5854, CVE-2023-5855, CVE-2023-5856, CVE-2023-5857, CVE-2023-5996 |
| Information Disclosure Vulnerability | CVE-2023-36043, CVE-2023-36052, CVE-2023-36398, CVE-2023-36404, CVE-2023-36406, CVE-2023-36428 |
| Denial of Service Vulnerability | CVE-2023-36038, CVE-2023-36042, CVE-2023-36046, CVE-2023-36392, CVE-2023-36395 |
| Spoofing Vulnerability | CVE-2023-24023, CVE-2023-36007, CVE-2023-36018, CVE-2023-36029, CVE-2023-36030, CVE-2023-36035, CVE-2023-36039, CVE-2023-36050 |
| Cross-site Scripting Vulnerability | CVE-2023-36016, CVE-2023-36031, CVE-2023-36410 |

List of Products Patched in November 2023 Patch Tuesday Report

Microsoft’s November 2023 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:

| Product Name | No. of Vulnerabilities Patched |
| --- | --- |
| Microsoft Edge (Chromium-based) | 20 |
| Mariner | 5 |
| Windows Hyper-V | 4 |
| Microsoft Exchange Server | 4 |
| Microsoft Dynamics | 4 |
| ASP.NET | 3 |
| Windows Authentication Methods | 3 |
| Azure | 3 |
| Windows Kernel | 3 |
| Microsoft Office | 2 |
| Microsoft Office Excel | 2 |
| Microsoft Remote Registry Service | 2 |
| Microsoft Office SharePoint | 1 |
| Windows Deployment Services | 1 |
| Windows Compressed Folder | 1 |
| Windows HMAC Key Derivation | 1 |
| Windows Distributed File System (DFS) | 1 |
| Windows Installer | 1 |
| Windows Cloud Files Mini Filter Driver | 1 |
| Microsoft Dynamics 365 Sales | 1 |
| Microsoft WDAC OLE DB provider for SQL | 1 |
| Windows Common Log File System Driver | 1 |
| Microsoft Windows Search Component | 1 |
| Windows Defender | 1 |
| Windows Internet Connection Sharing (ICS) | 1 |
| Windows DHCP Server | 1 |
| Windows NTFS | 1 |
| Windows DWM Core Library | 1 |
| Windows Scripting | 1 |
| Microsoft Bluetooth Driver | 1 |
| Windows Storage | 1 |
| Azure DevOps | 1 |
| .NET Framework | 1 |
| Microsoft Windows Speech | 1 |
| Windows Protected EAP (PEAP) | 1 |
| Open Management Infrastructure | 1 |
| Windows SmartScreen | 1 |
| Tablet Windows User Interface | 1 |
| Visual Studio | 1 |
| Visual Studio Code | 1 |

Complete List of Vulnerabilities Patched in November 2023 Patch Tuesday

Download the complete list of vulnerabilities by products patched in November 2023 Patch Tuesday here. 

Azure vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity | Vulnerability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-38151 | Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability | No | No | 8.8 | Important | RCE |
| CVE-2023-36437 | Azure DevOps Server Remote Code Execution Vulnerability | No | No | 8.8 | Important | RCE |
| CVE-2023-36052 | Azure CLI REST Command Information Disclosure Vulnerability | No | No | 8.6 | Critical | Info |
| CVE-2023-36021 | Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | No | No | 8 | Important | SFB |

Browser vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity | Vulnerability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-36034 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 7.3 | Moderate | RCE |
| CVE-2023-36014 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 7.3 | Moderate | RCE |
| CVE-2023-36024 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 7.1 | Important | EoP |
| CVE-2023-36027 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | No | No | 7.1 | Important | EoP |
| CVE-2023-36022 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | No | No | 6.6 | Moderate | RCE |
| CVE-2023-36029 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | No | No | 4.3 | Moderate | Spoofing |
| CVE-2023-5996 | Chromium: CVE-2023-5996 Use after free in WebAudio | No | No | N/A | High | RCE |
| CVE-2023-5859 | Chromium: CVE-2023-5859 Incorrect security UI in Picture In Picture | No | No | N/A | Low | SFB |
| CVE-2023-5858 | Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Provider | No | No | N/A | Low | SFB |
| CVE-2023-5857 | Chromium: CVE-2023-5857 Inappropriate implementation in Downloads | No | No | N/A | Medium | RCE |
| CVE-2023-5856 | Chromium: CVE-2023-5856 Use after free in Side Panel | No | No | N/A | Medium | RCE |
| CVE-2023-5855 | Chromium: CVE-2023-5855 Use after free in Reading Mode | No | No | N/A | Medium | RCE |
| CVE-2023-5854 | Chromium: CVE-2023-5854 Use after free in Profiles | No | No | N/A | Medium | RCE |
| CVE-2023-5853 | Chromium: CVE-2023-5853 Incorrect security UI in Downloads | No | No | N/A | Medium | SFB |
| CVE-2023-5852 | Chromium: CVE-2023-5852 Use after free in Printing | No | No | N/A | Medium | RCE |
| CVE-2023-5851 | Chromium: CVE-2023-5851 Inappropriate implementation in Downloads | No | No | N/A | Medium | RCE |
| CVE-2023-5850 | Chromium: CVE-2023-5850 Incorrect security UI in Downloads | No | No | N/A | Medium | SFB |
| CVE-2023-5849 | Chromium: CVE-2023-5849 Integer overflow in USB | No | No | N/A | High | RCE |
| CVE-2023-5482 | Chromium: CVE-2023-5482 Insufficient data validation in USB | No | No | N/A | High | RCE |
| CVE-2023-5480 | Chromium: CVE-2023-5480 Inappropriate implementation in Payments | No | No | N/A | High | RCE |

Developer Tools vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity | Vulnerability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-36560 | ASP.NET Security Feature Bypass Vulnerability | No | No | 8.8 | Important | SFB |
| CVE-2023-36038 | ASP.NET Core Denial of Service Vulnerability | No | Yes | 8.2 | Important | DoS |
| CVE-2023-36018 | Visual Studio Code Jupyter Extension Spoofing Vulnerability | No | No | 7.8 | Important | Spoofing |
| CVE-2023-36049 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | No | No | 7.6 | Important | EoP |
| CVE-2023-36042 | Visual Studio Denial of Service Vulnerability | No | No | 6.2 | Important | DoS |
| CVE-2023-36558 | ASP.NET Core – Security Feature Bypass Vulnerability | No | No | 6.2 | Important | SFB |

ESU Windows vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity | Vulnerability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-36397 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | No | No | 9.8 | Critical | RCE |
| CVE-2023-36025 | Windows SmartScreen Security Feature Bypass Vulnerability | Yes | No | 8.8 | Important | SFB |
| CVE-2023-36017 | Windows Scripting Engine Memory Corruption Vulnerability | No | No | 8.8 | Important | RCE |
| CVE-2023-36402 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Important | RCE |
| CVE-2023-36719 | Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | No | No | 8.4 | Important | EoP |
| CVE-2023-36425 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | No | No | 8 | Important | RCE |
| CVE-2023-36393 | Windows User Interface Application Core Remote Code Execution Vulnerability | No | No | 7.8 | Important | RCE |
| CVE-2023-36705 | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 | Important | EoP |
| CVE-2023-36424 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | Important | EoP |
| CVE-2023-36036 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Yes | No | 7.8 | Important | EoP |
| CVE-2023-36395 | Windows Deployment Services Denial of Service Vulnerability | No | No | 7.5 | Important | DoS |
| CVE-2023-36392 | DHCP Server Service Denial of Service Vulnerability | No | No | 7.5 | Important | DoS |
| CVE-2023-36423 | Microsoft Remote Registry Service Remote Code Execution Vulnerability | No | No | 7.2 | Important | RCE |
| CVE-2023-36401 | Microsoft Remote Registry Service Remote Code Execution Vulnerability | No | No | 7.2 | Important | RCE |
| CVE-2023-36403 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 | Important | EoP |
| CVE-2023-36398 | Windows NTFS Information Disclosure Vulnerability | No | No | 6.5 | Important | Info |
| CVE-2023-36428 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | No | No | 5.5 | Important | Info |

Exchange Server vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity | Vulnerability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-36050 | Microsoft Exchange Server Spoofing Vulnerability | No | No | 8 | Important | Spoofing |
| CVE-2023-36039 | Microsoft Exchange Server Spoofing Vulnerability | No | No | 8 | Important | Spoofing |
| CVE-2023-36035 | Microsoft Exchange Server Spoofing Vulnerability | No | No | 8 | Important | Spoofing |
| CVE-2023-36439 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 8 | Important | RCE |

Microsoft Dynamics vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity | Vulnerability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-36007 | Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability | No | No | 7.6 | Important | Spoofing |
| CVE-2023-36410 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | No | 7.6 | Important | XSS |
| CVE-2023-36031 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | No | 7.6 | Important | XSS |
| CVE-2023-36016 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | No | 6.2 | Important | XSS |
| CVE-2023-36030 | Microsoft Dynamics 365 Sales Spoofing Vulnerability | No | No | 6.1 | Important | Spoofing |

Microsoft Office vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity | Vulnerability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-36045 | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Important | RCE |
| CVE-2023-36037 | Microsoft Excel Security Feature Bypass Vulnerability | No | No | 7.8 | Important | SFB |
| CVE-2023-36041 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Important | RCE |
| CVE-2023-36413 | Microsoft Office Security Feature Bypass Vulnerability | No | Yes | 6.5 | Important | SFB |
| CVE-2023-38177 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 6.1 | Important | RCE |

System Center vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity | Vulnerability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-36422 | Microsoft Windows Defender Elevation of Privilege Vulnerability | No | No | 7.8 | Important | EoP |
| CVE-2023-36043 | Open Management Infrastructure Information Disclosure Vulnerability | No | No | 6.5 | Important | Info |

Windows vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Severity | Vulnerability |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-36028 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | No | No | 9.8 | Important | RCE |
| CVE-2023-36400 | Windows HMAC Key Derivation Elevation of Privilege Vulnerability | No | No | 8.8 | Critical | EoP |
| CVE-2023-36408 | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 | Important | EoP |
| CVE-2023-36407 | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 | Important | EoP |
| CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability | Yes | Yes | 7.8 | Important | EoP |
| CVE-2023-36396 | Windows Compressed Folder Remote Code Execution Vulnerability | No | No | 7.8 | Important | RCE |
| CVE-2023-36047 | Windows Authentication Elevation of Privilege Vulnerability | No | No | 7.8 | Important | EoP |
| CVE-2023-36399 | Windows Storage Elevation of Privilege Vulnerability | No | No | 7.1 | Important | EoP |
| CVE-2023-36046 | Windows Authentication Denial of Service Vulnerability | No | No | 7.1 | Important | DoS |
| CVE-2023-36394 | Windows Search Service Elevation of Privilege Vulnerability | No | No | 7 | Important | EoP |
| CVE-2023-36405 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7 | Important | EoP |
| CVE-2023-36427 | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7 | Important | EoP |
| CVE-2023-36404 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Important | Info |
| CVE-2023-36406 | Windows Hyper-V Information Disclosure Vulnerability | No | No | 5.5 | Important | Info |
| CVE-2023-24023 | Mitre: CVE-2023-24023 Bluetooth Vulnerability | No | No | N/A | Important | Spoofing |
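
The advice to patch exploited and critical flaws first can be applied mechanically to the per-product tables above. The following Python sketch is an added example, not part of the original report: it parses rows in the table layout used on this page and sorts them into a patch order. The tiering rule, the 9.0 cut-off and the merged Microsoft/Chromium severity scale are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Rows copied from the per-product tables on this page (header row included).
ROWS = """\
CVE Title Exploited? Publicly disclosed? CVSSv3 base score Severity Vulnerability
CVE-2023-36397 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability No No 9.8 Critical RCE
CVE-2023-36025 Windows SmartScreen Security Feature Bypass Vulnerability Yes No 8.8 Important SFB
CVE-2023-36036 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Yes No 7.8 Important EoP
CVE-2023-36033 Windows DWM Core Library Elevation of Privilege Vulnerability Yes Yes 7.8 Important EoP
CVE-2023-36038 ASP.NET Core Denial of Service Vulnerability No Yes 8.2 Important DoS
CVE-2023-36413 Microsoft Office Security Feature Bypass Vulnerability No Yes 6.5 Important SFB
CVE-2023-36028 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability No No 9.8 Important RCE
CVE-2023-36052 Azure CLI REST Command Information Disclosure Vulnerability No No 8.6 Critical Info
CVE-2023-5996 Chromium: CVE-2023-5996 Use after free in WebAudio No No N/A High RCE
CVE-2023-36404 Windows Kernel Information Disclosure Vulnerability No No 5.5 Important Info
"""

# The title has no fixed width, so each row is matched from both ends.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d+) (?P<title>.+) (?P<exploited>Yes|No) (?P<disclosed>Yes|No) "
    r"(?P<score>N/A|\d+(?:\.\d+)?) (?P<severity>Critical|Important|Moderate|High|Medium|Low) "
    r"(?P<kind>\S+)$"
)
# Assumption: Microsoft and Chromium severity words folded onto one scale.
SEV_RANK = {"Critical": 3, "Important": 2, "High": 2, "Moderate": 1, "Medium": 1, "Low": 0}

@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    exploited: bool
    disclosed: bool
    score: Optional[float]  # None when the table says N/A
    severity: str
    kind: str

def parse_row(line: str) -> Optional[Advisory]:
    """Parse one table row; cells may be separated by spaces or by pipes."""
    m = ROW_RE.match(" ".join(line.replace("|", " ").split()))
    if m is None:
        return None  # header, separator, blank or unrecognised row
    score = None if m["score"] == "N/A" else float(m["score"])
    return Advisory(m["cve"], m["title"], m["exploited"] == "Yes",
                    m["disclosed"] == "Yes", score, m["severity"], m["kind"])

def tier(a: Advisory) -> int:
    """0 = exploited, 1 = publicly disclosed, 2 = Critical or CVSS >= 9.0, 3 = rest."""
    if a.exploited:
        return 0
    if a.disclosed:
        return 1
    if a.severity == "Critical" or (a.score is not None and a.score >= 9.0):
        return 2
    return 3

def patch_order(text: str) -> list:
    """Sort by tier, then CVSS descending (unscored rows last), then severity."""
    rows = [a for a in map(parse_row, text.splitlines()) if a is not None]
    return sorted(rows, key=lambda a: (tier(a), a.score is None,
                                       -(a.score or 0.0), -SEV_RANK[a.severity], a.cve))

if __name__ == "__main__":
    for a in patch_order(ROWS):
        print(f"tier {tier(a)}  {a.cve:<15} {a.score or 'N/A':>4}  {a.severity:<9} {a.kind}")
```

Ranking on CVSS alone would put the three exploited flaws behind CVE-2023-36397 and CVE-2023-36028; the tiering keeps them at the top of the list.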

Bottom Line

Microsoft’s November 2023 Patch Tuesday delivered fixes for 58 vulnerabilities, including 5 zero-day threats and critical issues affecting Windows, Azure, and other key products.
