5 New Zero-day Vulnerabilities Patched in the Microsoft Update


Microsoft has released its security patches for the November 2023 Patch Tuesday. The release fixes nearly 58 flaws, including 5 zero-day vulnerabilities.

The vulnerabilities were associated with Privilege Escalation (16), Remote code execution (15), Spoofing (11), Security Feature Bypass (6), Information Disclosure (6), and Denial of Service (5).


Microsoft also republished 15 non-Microsoft CVEs, which exist in the Microsoft Bluetooth Driver and Microsoft Edge (Chromium-based), as mentioned in its November 2023 release notes.

Microsoft marked three zero-day vulnerabilities as “Exploitation Detected” because threat actors exploited them in the wild.

CVE-2023-36036: Elevation of Privilege in Windows Cloud Files Mini Filter Driver

A threat actor could exploit this vulnerability to gain SYSTEM privileges and perform several malicious activities on the compromised system.

This vulnerability affected Microsoft Windows Server 2019, 32-bit Systems, x64-based Systems, ARM64-based Systems, Windows Server 2022, Windows 11 version 21H2, and many other Microsoft Products.

The severity for this vulnerability has been given as 7.8 (High). However, there was no additional information about this vulnerability, such as how it was exploited or by which threat actor.

CVE-2023-36025: Security Feature Bypass in Multiple Windows Products

An unauthorized threat actor can exploit this vulnerability without needing any access or settings for the attack. However, successful exploitation requires user interaction.

This vulnerability existed in multiple Microsoft products and was rated 8.8 (High). Microsoft provided no additional information about this zero-day vulnerability.

CVE-2023-36033: Elevation of Privilege in Windows DWM Core Library

This was another zero-day vulnerability mentioned by Microsoft that a threat actor could exploit. Exploitation requires no user interaction, but it does require basic user privileges.

This vulnerability was given a severity of 7.8 (High) and exists in many Microsoft products. Microsoft provided no additional information about this vulnerability.
