WARNING: MICROSOFT PATCH TUESDAY NOVEMBER 2023 PATCHES 63 VULNERABILITIES (4 CRITICAL, 5 ZERO-DAY, 3 ACTIVELY EXPLOITED), Patch Immediately!
- Windows 11 v23H2, Windows 11 v22H2, Windows 11 v21H2
- Windows 10 v22H2, Windows 10 v21H2
- Windows Server 2022, 23H2 Edition (Server Core installation),
- Windows Server 2022 - Windows Server 2019
- Windows Server 2016
- Microsoft Office
- Microsoft SharePoint
- Microsoft Exchange Server
- Microsoft .NET
- Microsoft Visual Studio
- Microsoft Dynamics 365
- Microsoft Azure
- System Center
Microsoft patched 63 vulnerabilities in its November 2023 Patch Tuesday release, 4 rated as critical, 55 rated as important and 4 rated as Moderate.
- 18 Remote Code Execution Vulnerabilities
- 18 Elevation of Privilege Vulnerabilities
- 10 Spoofing Vulnerabilities
- 6 Security Feature Bypass Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
Microsoft's November Patch Tuesday includes four critical and fifty-five important vulnerabilities for a wide range of Microsoft products, Affecting Microsoft Server, and Workstations. Since three vulnerabilities are actively exploited in the wild urgent patching is required.
TA455 is observed abusing CVE-2023-36025,a zero-day security bypass vulnerability in Windows SmartScreen.
There is a POC is released for CVE-2023-36025,a zero-day security bypass vulnerability in Windows SmartScreen.
An attacker could generate a seemingly legitimate looking but malicious .URL file and distribute it via a phishing email. A user tricked into clicking on the file would land directly on the malicious site or execute malicious code without receiving any of the usual warnings from SmartScreen.
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called "Patch Tuesday” and hold security fixes for Microsoft devices and software. This month's release covers 63 Microsoft vulnerabilities. Four vulnerabilities are marked as critical, fifty-five as important and four as Moderate. Microsoft’s Patch Tuesday includes five zero-day vulnerabilities of which three are actively exploited. Microsoft considers ten of these vulnerabilities are more likely to be exploited in the near future thus urgent patching is needed.
The CCB would like to point your attention to following vulnerabilities:
• CVE-2023-36036 is an important elevation of privilege vulnerability in Microsoft Windows Cloud Files Mini Filter Driver. CVE-2023-36036 received a CVSSv3.1 score of 7.8. According to Microsoft, it has been exploited in the wild as a zero-day. Exploitation of this vulnerability could lead to a local attacker gaining SYSTEM privileges. At the time of writing, it is not known how the flaw was abused in attacks or by what threat actor.
• CVE-2023-36033 is an important elevation of privilege zero-day vulnerability. CVE-2023-36033 is a vulnerability in the Microsoft Windows Desktop Window Manager (DWM) Core Library. The vulnerability received a CVSSv3.1 score of 7.8. According to Microsoft, "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges". The vulnerability is actively exploited in the wild, but it is not shared how it was used in attacks.
• CVE-2023-36025 is a zero-day security bypass vulnerability in Windows SmartScreen. CVE-2023-36025 received a CVSSv3.1 score of 8.8. Successful exploitation of the vulnerability could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. According to Microsoft: "The user would have to click on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file to be compromised by the attacker", so user interaction is required. The vulnerability is actively exploited but it is not known how or by what threat actor.
• CVE-2023-36413 is a zero-day security bypass vulnerability in Microsoft Office. CVE-2023-36413 received a CVSSv3.1 score of 6.5. For successful exploitation, the attacker must send the user a malicious file and convince them to open it. When an attacker succeeds, it could allow the attacker to bypass the Office Protected View and open in editing mode rather than protected mode. According to Microsoft, exploitation of this vulnerability is more likely.
• CVE-2023-36038 is a zero-day denial of service vulnerability in the ASP.NET Core. CVE-2023-36038 received a CVSSv3.1 score of 8.2. According to Microsoft: "This vulnerability could be exploited if http requests to .NET 8 RC 1 running on IIS InProcess hosting model are cancelled. Threads counts would increase and an OutOfMemoryException is possible." Exploiting this vulnerability could lead to a total loss of availability.
• CVE-2023-36052 is a critical information disclosure vulnerability in Azure CLI. CVE-2023-36052 received a CVSSv3.1 score of 8.8. An attacker that successfully exploited this vulnerability could recover plaintext passwords and usernames from log files created by the affected CLI commands and published by Azure DevOps and/or GitHub Actions.
• CVE-2023-36400 is a critical elevation of privilege vulnerability in Windows HMAC Key Derivation component of the Microsoft Windows OS. CVE-2023-36400 received a CVSSv3.1 score of 8.8. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. If an attacker successfully exploited this vulnerability, the attacker could gain SYSTEM privileges.
• CVE-2023-36397 is an important critical RCE vulnerability in the Windows Pragmatic General Multicast (PGM) protocol. CVE-2023-36397 received a CVSSv3.1 score of 9.8. This vulnerability could be exploited if Windows message queuing service is running in a PGM environment. If this is the case, an attacker could send a specially crafted file over the network to achieve remote code execution and try to trigger malicious code.
• CVE-2023-36028 is a RCE vulnerability in the Microsoft Protected Extensible Authentication Protocol (PEAP). CVE-2023-36028 received a CVSSv3.1 score of 9.8. According to Microsoft: "An unauthenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network.
The Centre for Cyber Security Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.