In a critical update, Microsoft has addressed 63 vulnerabilities in its operating systems as part of its November 2023 Patch Tuesday. This includes the patching of five zero-day vulnerabilities, three of which are currently being exploited by attackers. These updates are vital for securing systems against potential breaches and attacks.
Zero-Day Vulnerabilities in the November Patch
Actively Exploited Zero-Days:
- CVE-2023-36025: This vulnerability lies within the Windows SmartScreen, allowing attackers to bypass protective checks against malicious websites and files. The exploitation hinges on user interaction, where clicking on a compromised Internet Shortcut or hyperlink can lead to a security breach.
- CVE-2023-36033: An Elevation of Privilege (EoP) flaw in the Windows Desktop Window Manager (DWM) Core Library. If exploited, it could enable attackers to gain SYSTEM privileges, significantly compromising system security.
- CVE-2023-36036: Another EoP vulnerability, this time in the Windows Cloud Files Mini Filter Driver, also potentially granting SYSTEM privileges to attackers.
Other Notable Zero-Days:
- CVE-2023-36413: Targets Microsoft Office, allowing attackers to bypass the Office Protected View, which usually restricts editing of potentially unsafe documents.
- CVE-2023-36038: Affects ASP.NET, potentially leading to denial of service through resource exhaustion by cancelling HTTP requests repeatedly.
Other Patch Tuesday Vulnerabilities
Three critical vulnerabilities were addressed in the patch out of the 58 non-zero days. Firstly, a significant Azure information disclosure vulnerability was patched, which if exploited could have led to sensitive data exposure. Secondly, a flaw in Windows Internet Connection Sharing (ICS) was fixed, previously enabling remote code execution. Lastly, a Hyper-V escape flaw was rectified, which, if exploited, could have allowed attackers to execute programs with SYSTEM privileges on the host machine. In total, the vulnerability category spread is as follows:
- 16 Elevation of Privilege Vulnerabilities
- 6 Security Feature Bypass Vulnerabilities
- 15 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 11 Spoofing Vulnerabilities
Organizations using Microsoft Exchange Server should urgently deploy the new patches. The updates include a fix for CVE-2023-36439, a vulnerability that could allow attackers to install malicious software on an Exchange server.
Conclusion
Given the severity and active exploitation of some vulnerabilities, it’s crucial for users and administrators to apply these updates promptly. Delaying could leave systems exposed to security breaches, data theft, and operational disruptions. For a detailed understanding of all vulnerabilities and their impacts, check out the full Patch Tuesday report here.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –