Microsoft Patch Tuesday security updates for November 2023 addressed 63 new vulnerabilities in Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; ASP.NET and .NET Framework; Azure; Mariner; Microsoft Edge (Chromium-based), Visual Studio, and Windows Hyper-V.
Three vulnerabilities addressed by the IT giant are are rated Critical, 56 are rated Important, and four are rated Moderate in severity.
Three of these vulnerabilities are actively exploited in attacks in the wild:
– CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability
An attacker can trigger this vulnerability to elevate privileges through the Windows Desktop Manager (DWM). An attacker can exploit the flaw to gain SYSTEM privileges and chaining this issue with a remote code execution bug can compromise a system.
– CVE-2023-36036 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
An attacker can exploit this flaw to gain SYSTEM privileges. “This driver is used for managing and facilitating the operations of cloud-stored files. It’s loaded by default on just about every version of Windows, so it provides a broad attack surface.” reads the post published by ZDI. “Again, this bug is likely being paired with a code execution bug in attacks.”
– CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability
An attacker can exploit this flaw to bypass Windows Defender SmartScreen checks and other prompts. This flaw can be exploited in phishing campaigns to evade user prompts that would warn recipients about opening a malicious document.
The most severe flaw addressed by Microsoft Patch Tuesday security updates for November 2023 is a Windows Pragmatic General Multicast (PGM) Remote Code Execution issue tracked as CVE-2023-36397 (CVSS 9.8). A remote, unauthenticated attacker can exploit this flaw to execute code with elevated privileges without user interaction.
The full list of vulnerabilities addressed by Microsoft for November 2023 is available here.