Table of Contents
  • Home
  • /
  • Blog
  • /
  • Breaking Down the Latest November 2023 Patch Tuesday Report
January 19, 2024
|
15m

Breaking Down the Latest November 2023 Patch Tuesday Report


Breaking Down The Latest November 2023 Patch Tuesday Report

The November 2023 Patch Tuesday report has been released, marking another significant monthly event for organizations and individuals to bolster their cybersecurity. This report is crucial for ensuring the ongoing security and stability of the Windows operating system and a range of other software products that are integral to daily operations. In this article, we delve into the essential highlights of the November 2023 Patch Tuesday report, emphasizing the most critical updates and concerns for users and administrators.

In November 2023, Microsoft addressed a total of 58 flaws, including five zero-day vulnerabilities. Of the new patches, three were rated Critical, 56 Important, and four Moderate in severity. The report is notable for fixing a high number of Elevation of Privilege vulnerabilities (16), along with 6 Security Feature Bypass, 15 Remote Code Execution, 6 Information Disclosure, 5 Denial of Service, and 11 Spoofing vulnerabilities.

The three actively exploited zero-day vulnerabilities patched in this update are CVE-2023-36036, CVE-2023-36033, and CVE-2023-36025, which involve the Windows Cloud Files Mini Filter Driver, Windows DWM Core Library, and Windows SmartScreen, respectively. Additionally, CVE-2023-36397, a Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability, stands out as the highest-rated bug for the month with a CVSS of 9.8.

Other critical issues include an information disclosure vulnerability in the Azure Command-Line Interface (CLI) and a privilege escalation vulnerability in the Windows Hash-based Message Authentication Code (HMAC) related to Hyper-V. The report also addresses several security feature bypass (SFB) vulnerabilities in ASP.NET Core, Microsoft Office, Excel, and the On-Prem Data Gateway. Lets break down what is there in the November patches that Microsoft released on 14th November.

Key Highlights- Patch Tuesday November 2023

In Novembers Patch Tuesday, Microsoft addressed 58 flaws, including five zero-day vulnerabilities, with three of them actively exploited in the wild. This update included patches for a variety of vulnerability types such as privilege escalation bugs, information disclosure issues, spoofing weaknesses, security feature bypasses, remote code execution flaws, and denial of service vulnerabilities.

The key affected products in this update span across Microsofts product range, including Windows, Azure, Microsoft Edge, Office, Exchange Server, and others. It is crucial for administrators and end users to apply these security updates promptly to protect their systems from these vulnerabilities.

Key Highlights are:

  1. Total Flaws and Zero-Day Vulnerabilities: The November update includes 58 flaws, with five zero-day vulnerabilities, three of which were actively exploited.

  2. Critical Flaws: Among the patches, three critical flaws were fixed, including an Azure information disclosure bug, an RCE in Windows Internet Connection Sharing (ICS), and a Hyper-V escape flaw.

  3. Variety of Vulnerability Types: The vulnerabilities addressed include 16 Elevation of Privilege vulnerabilities, 6 Security Feature Bypass vulnerabilities, 15 Remote Code Execution vulnerabilities, 6 Information Disclosure vulnerabilities, 5 Denial of Service vulnerabilities, and 11 Spoofing vulnerabilities.

  4. Actively Exploited Zero-Days: The actively exploited zero-day vulnerabilities patched include CVE-2023-36036, CVE-2023-36033, and CVE-2023-36025, affecting Windows Cloud Files Mini Filter Driver, Windows DWM Core Library, and Windows SmartScreen.

  5. Noteworthy Critical-Rated Bugs: Other critical-rated bugs include an information disclosure in the Azure Command-Line Interface (CLI), a privilege escalation in the Windows HMAC that could allow a guest on Hyper-V to execute code on the host OS, and a CVE in Windows Pragmatic General Multicast (PGM).

  6. Security Feature Bypass Vulnerabilities: There were patches for various security feature bypass bugs, including those in ASP.NET Core, Office, Excel, and the On-Prem Data Gateway.

This Novembers Patch Tuesday highlights Microsofts ongoing commitment to securing its wide range of products against ever-evolving cybersecurity threats.

Zero-day Vulnerabilities Patched in November 2023

In November 2023, Microsoft addressed a spectrum of security issues, including five critical zero-day vulnerabilities. Out of which three were actively being exploited (CVE-2023-36036, CVE-2023-36033, and CVE-2023-36025). These vulnerabilities were particularly significant because they had been disclosed or exploited before a patch was available, posing an immediate risk to affected systems.

CVE-2023-36413 (Microsoft Office Security Feature Bypass Vulnerability):

This vulnerability allowed attackers to bypass security features in Microsoft Office, potentially letting them open malicious files in editing mode rather than the restricted Protected View. This could lead to further exploits such as macro-based attacks or other forms of malware execution. The attackers would need to convince a user to open a specifically crafted file to leverage this vulnerability, which underscores the importance of caution with email attachments and downloads from untrusted sources.

CVE-2023-36036 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability):

The Windows Cloud Files Mini Filter Driver vulnerability could allow an attacker to gain SYSTEM privileges by exploiting the filter drivers functions. A successful exploit could enable an attacker to execute code with elevated privileges, essentially giving them full control over the affected system. This type of access could be used for further malicious activities, including data theft, spreading ransomware, or creating persistent access to the compromised environment.

CVE-2023-36038 (ASP.NET Core Denial of Service Vulnerability):

Affecting the ASP.NET Core framework, this vulnerability could lead to a denial of service (DoS) condition. By exploiting this flaw, an attacker could send specially crafted HTTP requests that would disrupt the service, potentially making the web application unavailable to legitimate users. The disruption caused by such an attack could have significant implications for businesses, resulting in downtime and loss of productivity.

CVE-2023-36033 (Windows DWM Core Library Elevation of Privilege Vulnerability):

This vulnerability was found in the Desktop Window Manager (DWM) and could allow an attacker to perform an elevation of privilege. By exploiting this flaw, an attacker could execute arbitrary code with elevated permissions. The DWM is responsible for visual effects on the desktop, and compromising this component could lead to various malicious activities, including surveillance or further system compromise.

CVE-2023-36025 (Windows SmartScreen Security Feature Bypass Vulnerability):

The Windows SmartScreen filter is designed to warn users about running unrecognized applications or files from the internet. This vulnerability allowed attackers to bypass those warnings, which could lead to users inadvertently executing malicious software. This kind of bypass is particularly dangerous because it undermines a key defense mechanism that many users rely on to prevent malware infections.

Critical Vulnerabilities Patched in November 2023

Microsofts November 2023 security updates addressed one critical and two high severity vulnerabilities that could be remotely exploited without user interaction. These flaws represent significant risks that malicious actors could leverage in attacks. Promptly patching critical issues should be a top priority for security teams.

One concerning bug is CVE-2023-36397, a remote code execution flaw in Windows Pragmatic General Multicast rated CVSSv3 9.8. Another critical bug is CVE-2023-36052, an Azure CLI information disclosure vulnerability that could reveal plaintext passwords and usernames from log files. Also high severity is CVE-2023-36400, a Windows HMAC key derivation elevation of privilege bug enabling takeover of Hyper-V virtual machines.

With remote exploitation and no user interaction required, these critical vulnerabilities open doorways for serious compromise by attackers. Their high CVSSv3 scores reflect the urgent need to apply fixes before threats leverage them. Prioritizing critical and high severity patches reduces exposure to the most dangerous risks.

CVE IDDescriptionCVSSv3Severity
CVE-2023-36397Windows Pragmatic General Multicast Remote Code Execution9.8Critical
CVE-2023-36052Azure CLI Information Disclosure8.6High
CVE-2023-36400Windows HMAC Key Derivation Elevation of Privilege8.8High

Vulnerabilities by Category

In total, 58 vulnerabilities were addressed in Novembers Patch Tuesday, with remote code execution being a notable vulnerability type patched by Microsoft, occurring 15 times. Elevation of privilege bugs also accounted for a significant portion of the flaws fixed, with 16 occurrences. The least common vulnerability category was denial of service, with 5 such flaws patched in November. Please refer to the below chart for complete details on all categories of vulnerabilities:

Here is a table with the vulnerability categories and associated CVE IDs from Microsofts November 2023 Patch Tuesday:

Vulnerability CategoryCVE IDs
Elevation of Privilege VulnerabilityCVE-2023-36024
CVE-2023-36027
CVE-2023-36033
CVE-2023-36036
CVE-2023-36047
CVE-2023-36049
CVE-2023-36394
CVE-2023-36399
CVE-2023-36400
CVE-2023-36403
CVE-2023-36405
CVE-2023-36407
CVE-2023-36408
CVE-2023-36422
CVE-2023-36424
CVE-2023-36427
CVE-2023-36705
CVE-2023-36719
Security Feature Bypass VulnerabilityCVE-2023-36021
CVE-2023-36025
CVE-2023-36037
CVE-2023-36413
CVE-2023-36558
CVE-2023-36560
CVE-2023-5850
CVE-2023-5853
CVE-2023-5858
CVE-2023-5859
Remote Code Execution VulnerabilityCVE-2023-36014
CVE-2023-36017
CVE-2023-36022
CVE-2023-36028
CVE-2023-36034
CVE-2023-36041
CVE-2023-36045
CVE-2023-36393
CVE-2023-36396
CVE-2023-36397
CVE-2023-36401
CVE-2023-36402
CVE-2023-36423
CVE-2023-36425
CVE-2023-36437
CVE-2023-36439
CVE-2023-38151
CVE-2023-38177
CVE-2023-5480
CVE-2023-5482
CVE-2023-5849
CVE-2023-5851
CVE-2023-5852
CVE-2023-5854
CVE-2023-5855
CVE-2023-5856
CVE-2023-5857
CVE-2023-5996
Information Disclosure VulnerabilityCVE-2023-36043
CVE-2023-36052
CVE-2023-36398
CVE-2023-36404
CVE-2023-36406
CVE-2023-36428
Denial of Service VulnerabilityCVE-2023-36038
CVE-2023-36042
CVE-2023-36046
CVE-2023-36392
CVE-2023-36395
Spoofing VulnerabilityCVE-2023-24023
CVE-2023-36007
CVE-2023-36018
CVE-2023-36029
CVE-2023-36030
CVE-2023-36035
CVE-2023-36039
CVE-2023-36050
Cross-site Scripting VulnerabilityCVE-2023-36016
CVE-2023-36031
CVE-2023-36410

List of Products Patched in November 2023 Patch Tuesday Report

Microsofts November 2023 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:

Product NameNo. of Vulnerabilities Patched
Microsoft Edge (Chromium-based)20
Mariner5
Windows Hyper-V4
Microsoft Exchange Server4
Microsoft Dynamics4
ASP.NET3
Windows Authentication Methods3
Azure3
Windows Kernel3
Microsoft Office2
Microsoft Office Excel2
Microsoft Remote Registry Service2
Microsoft Office SharePoint1
Windows Deployment Services1
Windows Compressed Folder1
Windows HMAC Key Derivation1
Windows Distributed File System (DFS)1
Windows Installer1
Windows Cloud Files Mini Filter Driver1
Microsoft Dynamics 365 Sales1
Microsoft WDAC OLE DB provider for SQL1
Windows Common Log File System Driver1
Microsoft Windows Search Component1
Windows Defender1
Windows Internet Connection Sharing (ICS)1
Windows DHCP Server1
Windows NTFS1
Windows DWM Core Library1
Windows Scripting1
Microsoft Bluetooth Driver1
Windows Storage1
Azure DevOps1
.NET Framework1
Microsoft Windows Speech1
Windows Protected EAP (PEAP)1
Open Management Infrastructure1
Windows SmartScreen1
Tablet Windows User Interface1
Visual Studio1
Visual Studio Code1

Complete List of Vulnerabilities Patched in November 2023 Patch Tuesday

Download the complete list of vulnerabilities by products patched in November 2023 Patch Tuesday here. 

Azure vulnerabilities

CVETitleExploited?Publicly disclosed?CVSSv3 base scoreSeverityVulnerability
CVE-2023-38151Microsoft Host Integration Server 2020 Remote Code Execution VulnerabilityNoNo8.8ImportantRCE
CVE-2023-36437Azure DevOps Server Remote Code Execution VulnerabilityNoNo8.8ImportantRCE
CVE-2023-36052Azure CLI REST Command Information Disclosure VulnerabilityNoNo8.6CriticalInfo
CVE-2023-36021Microsoft On-Prem Data Gateway Security Feature Bypass VulnerabilityNoNo8ImportantSFB

Browser vulnerabilities

CVETitleExploited?Publicly disclosed?CVSSv3 base scoreSeverityVulnerability
CVE-2023-36034Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityNoNo7.3ModerateRCE
CVE-2023-36014Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityNoNo7.3ModerateRCE
CVE-2023-36024Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityNoNo7.1ImportantEoP
CVE-2023-36027Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityNoNo7.1ImportantEoP
CVE-2023-36022Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityNoNo6.6ModerateRCE
CVE-2023-36029Microsoft Edge (Chromium-based) Spoofing VulnerabilityNoNo4.3ModerateSpoofing
CVE-2023-5996Chromium: CVE-2023-5996 Use after free in WebAudioNoNoN/AHighRCE
CVE-2023-5859Chromium: CVE-2023-5859 Incorrect security UI in Picture In PictureNoNoN/ALowSFB
CVE-2023-5858Chromium: CVE-2023-5858 Inappropriate implementation in WebApp ProviderNoNoN/ALowSFB
CVE-2023-5857Chromium: CVE-2023-5857 Inappropriate implementation in DownloadsNoNoN/AMediumRCE
CVE-2023-5856Chromium: CVE-2023-5856 Use after free in Side PanelNoNoN/AMediumRCE
CVE-2023-5855Chromium: CVE-2023-5855 Use after free in Reading ModeNoNoN/AMediumRCE
CVE-2023-5854Chromium: CVE-2023-5854 Use after free in ProfilesNoNoN/AMediumRCE
CVE-2023-5853Chromium: CVE-2023-5853 Incorrect security UI in DownloadsNoNoN/AMediumSFB
CVE-2023-5852Chromium: CVE-2023-5852 Use after free in PrintingNoNoN/AMediumRCE
CVE-2023-5851Chromium: CVE-2023-5851 Inappropriate implementation in DownloadsNoNoN/AMediumRCE
CVE-2023-5850Chromium: CVE-2023-5850 Incorrect security UI in DownloadsNoNoN/AMediumSFB
CVE-2023-5849Chromium: CVE-2023-5849 Integer overflow in USBNoNoN/AHighRCE
CVE-2023-5482Chromium: CVE-2023-5482 Insufficient data validation in USBNoNoN/AHighRCE
CVE-2023-5480Chromium: CVE-2023-5480 Inappropriate implementation in PaymentsNoNoN/AHighRCE

Developer Tools vulnerabilities

CVETitleExploited?Publicly disclosed?CVSSv3 base scoreSeverityVulnerability
CVE-2023-36560ASP.NET Security Feature Bypass VulnerabilityNoNo8.8ImportantSFB
CVE-2023-36038ASP.NET Core Denial of Service VulnerabilityNoYes8.2ImportantDoS
CVE-2023-36018Visual Studio Code Jupyter Extension Spoofing VulnerabilityNoNo7.8ImportantSpoofing
CVE-2023-36049.NET, .NET Framework, and Visual Studio Elevation of Privilege VulnerabilityNoNo7.6ImportantEoP
CVE-2023-36042Visual Studio Denial of Service VulnerabilityNoNo6.2ImportantDoS
CVE-2023-36558ASP.NET Core – Security Feature Bypass VulnerabilityNoNo6.2ImportantSFB

ESU Windows vulnerabilities

CVETitleExploited?Publicly disclosed?CVSSv3 base scoreSeverityVulnerability
CVE-2023-36397Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityNoNo9.8CriticalRCE
CVE-2023-36025Windows SmartScreen Security Feature Bypass VulnerabilityYesNo8.8ImportantSFB
CVE-2023-36017Windows Scripting Engine Memory Corruption VulnerabilityNoNo8.8ImportantRCE
CVE-2023-36402Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityNoNo8.8ImportantRCE
CVE-2023-36719Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege VulnerabilityNoNo8.4ImportantEoP
CVE-2023-36425Windows Distributed File System (DFS) Remote Code Execution VulnerabilityNoNo8ImportantRCE
CVE-2023-36393Windows User Interface Application Core Remote Code Execution VulnerabilityNoNo7.8ImportantRCE
CVE-2023-36705Windows Installer Elevation of Privilege VulnerabilityNoNo7.8ImportantEoP
CVE-2023-36424Windows Common Log File System Driver Elevation of Privilege VulnerabilityNoNo7.8ImportantEoP
CVE-2023-36036Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityYesNo7.8ImportantEoP
CVE-2023-36395Windows Deployment Services Denial of Service VulnerabilityNoNo7.5ImportantDoS
CVE-2023-36392DHCP Server Service Denial of Service VulnerabilityNoNo7.5ImportantDoS
CVE-2023-36423Microsoft Remote Registry Service Remote Code Execution VulnerabilityNoNo7.2ImportantRCE
CVE-2023-36401Microsoft Remote Registry Service Remote Code Execution VulnerabilityNoNo7.2ImportantRCE
CVE-2023-36403Windows Kernel Elevation of Privilege VulnerabilityNoNo7ImportantEoP
CVE-2023-36398Windows NTFS Information Disclosure VulnerabilityNoNo6.5ImportantInfo
CVE-2023-36428Microsoft Local Security Authority Subsystem Service Information Disclosure VulnerabilityNoNo5.5ImportantInfo

Exchange Server vulnerabilities

CVETitleExploited?Publicly disclosed?CVSSv3 base scoreSeverityVulnerability
CVE-2023-36050Microsoft Exchange Server Spoofing VulnerabilityNoNo8ImportantSpoofing
CVE-2023-36039Microsoft Exchange Server Spoofing VulnerabilityNoNo8ImportantSpoofing
CVE-2023-36035Microsoft Exchange Server Spoofing VulnerabilityNoNo8ImportantSpoofing
CVE-2023-36439Microsoft Exchange Server Remote Code Execution VulnerabilityNoNo8ImportantRCE

Microsoft Dynamics vulnerabilities

CVETitleExploited?Publicly disclosed?CVSSv3 base scoreSeverityVulnerability
CVE-2023-36007Microsoft Send Customer Voice survey from Dynamics 365 Spoofing VulnerabilityNoNo7.6ImportantSpoofing
CVE-2023-36410Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityNoNo7.6ImportantXSS
CVE-2023-36031Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityNoNo7.6ImportantXSS
CVE-2023-36016Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityNoNo6.2ImportantXSS
CVE-2023-36030Microsoft Dynamics 365 Sales Spoofing VulnerabilityNoNo6.1ImportantSpoofing

Microsoft Office vulnerabilities

CVETitleExploited?Publicly disclosed?CVSSv3 base scoreSeverityVulnerability
CVE-2023-36045Microsoft Office Graphics Remote Code Execution VulnerabilityNoNo7.8ImportantRCE
CVE-2023-36037Microsoft Excel Security Feature Bypass VulnerabilityNoNo7.8ImportantSFB
CVE-2023-36041Microsoft Excel Remote Code Execution VulnerabilityNoNo7.8ImportantRCE
CVE-2023-36413Microsoft Office Security Feature Bypass VulnerabilityNoYes6.5ImportantSFB
CVE-2023-38177Microsoft SharePoint Server Remote Code Execution VulnerabilityNoNo6.1ImportantRCE

System Center vulnerabilities

CVETitleExploited?Publicly disclosed?CVSSv3 base scoreSeverityVulnerability
CVE-2023-36422Microsoft Windows Defender Elevation of Privilege VulnerabilityNoNo7.8ImportantEoP
CVE-2023-36043Open Management Infrastructure Information Disclosure VulnerabilityNoNo6.5ImportantInfo

Windows vulnerabilities

CVETitleExploited?Publicly disclosed?CVSSv3 base scoreSeverityVulnerability
CVE-2023-36028Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution VulnerabilityNoNo9.8ImportantRCE
CVE-2023-36400Windows HMAC Key Derivation Elevation of Privilege VulnerabilityNoNo8.8CriticalEoP
CVE-2023-36408Windows Hyper-V Elevation of Privilege VulnerabilityNoNo7.8ImportantEoP
CVE-2023-36407Windows Hyper-V Elevation of Privilege VulnerabilityNoNo7.8ImportantEoP
CVE-2023-36033Windows DWM Core Library Elevation of Privilege VulnerabilityYesYes7.8ImportantEoP
CVE-2023-36396Windows Compressed Folder Remote Code Execution VulnerabilityNoNo7.8ImportantRCE
CVE-2023-36047Windows Authentication Elevation of Privilege VulnerabilityNoNo7.8ImportantEoP
CVE-2023-36399Windows Storage Elevation of Privilege VulnerabilityNoNo7.1ImportantEoP
CVE-2023-36046Windows Authentication Denial of Service VulnerabilityNoNo7.1ImportantDoS
CVE-2023-36394Windows Search Service Elevation of Privilege VulnerabilityNoNo7ImportantEoP
CVE-2023-36405Windows Kernel Elevation of Privilege VulnerabilityNoNo7ImportantEoP
CVE-2023-36427Windows Hyper-V Elevation of Privilege VulnerabilityNoNo7ImportantEoP
CVE-2023-36404Windows Kernel Information Disclosure VulnerabilityNoNo5.5ImportantInfo
CVE-2023-36406Windows Hyper-V Information Disclosure VulnerabilityNoNo5.5ImportantInfo
CVE-2023-24023Mitre: CVE-2023-24023 Bluetooth VulnerabilityNoNoN/AImportantSpoofing

Bottom Line

Microsofts November 2023 Patch Tuesday delivered fixes for 58 vulnerabilities, including 5 zero-day threats and critical issues affecting Windows, Azure, and other key products.

This release saw a broad scope of vulnerabilities addressed, with a particular focus on Elevation of Privilege, which accounted for 16 of the vulnerabilities, and Remote Code Execution, with 15 instances being patched. Among the zero-days, three were actively exploited, underscoring the urgency for immediate patching.

Critical vulnerabilities this month include a Hyper-V escape flaw, an Azure CLI information disclosure, and a Windows PGM remote code execution vulnerability, each representing a significant threat to network security. Furthermore, critical remote code execution vulnerabilities in core Windows components were also addressed, alongside other information disclosure and denial of service issues.

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Report

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe