NEWS  Security  November 16, 2023  Reading time: 2 Minute(s)

Max (RS editor)

In its latest monthly security update, Microsoft has released fixes for a total of 63 security vulnerabilities across its software, with three of them actively exploited in the wild. The November 2023 release includes patches for flaws ranging from Critical to Moderate severity, affecting various components of Microsoft's ecosystem.

Of the 63 vulnerabilities, three are classified as Critical, 56 as Important, and four as Moderate. Notably, two flaws were publicly known at the time of the release, emphasizing the urgency of applying these updates. These fixes supplement the extensive efforts made in October, where more than 35 security issues were addressed in Microsoft's Chromium-based Edge browser during the Patch Tuesday updates.

Five zero-day vulnerabilities have been highlighted in this release, each presenting its own set of risks:

CVE-2023-36025 - Windows SmartScreen Security Feature Bypass Vulnerability:

This flaw poses a significant risk by potentially allowing attackers to bypass Windows Defender SmartScreen checks, undermining the security measures designed to protect users from malicious content.

CVE-2023-36033 (CVSS score: 7.8) - Windows DWM Core Library Elevation of Privilege Vulnerability:

Exploiting this vulnerability could grant an attacker elevated privileges, posing a serious threat to the integrity and security of affected systems.

CVE-2023-36036 (CVSS score: 7.8) - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability:

Similar to CVE-2023-36033, this flaw allows an attacker to escalate privileges, potentially gaining SYSTEM privileges and compromising the affected system.

CVE-2023-36038 (CVSS score: 8.2) - ASP.NET Core Denial of Service Vulnerability:

This vulnerability, with a high CVSS score, exposes a potential avenue for denial-of-service attacks, impacting the availability of ASP.NET Core applications.

CVE-2023-36413 (CVSS score: 6.5) - Microsoft Office Security Feature Bypass Vulnerability:

While less severe, this vulnerability could be exploited to bypass security features in Microsoft Office, raising concerns about the integrity of sensitive documents and data.

Of particular concern are CVE-2023-36033 and CVE-2023-36036, both of which could allow attackers to gain system privileges, indicating a critical need for prompt patching to mitigate these risks.

Microsoft continues to prioritize user security, urging all users to apply the latest updates promptly to safeguard their systems against potential exploits.

(Cover Image by storyset on Freepik)