Microsoft has released its November 2023 Patch Tuesday updates, addressing 58 vulnerabilities across its suite of products and software.
Key Highlights:
- Microsoft releases security patches for 58 vulnerabilities, including five zero-days.
- Three of the zero-days have been actively exploited in attacks.
- The critical vulnerabilities fixed this month include an Azure information disclosure bug, an RCE in Windows Internet Connection Sharing (ICS), and a Hyper-V escape flaw.
Out of these vulnerabilities, only three received a “Critical” severity rating. However, three zero-days that are being actively exploited in attacks have been addressed.
A zero-day vulnerability is a flaw that is publicly known or actively exploited before a patch is available.
The three actively exploited zero-days fixed this month are:
- CVE-2023-36036: An elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver that could allow an attacker to gain SYSTEM privileges.
- CVE-2023-36033: An elevation of privilege vulnerability in the Windows DWM Core Library that could allow an attacker to gain SYSTEM privileges.
- CVE-2023-36025: A Windows SmartScreen Security Feature Bypass Vulnerability that could allow an attacker to bypass the SmartScreen security feature and download malicious files.
Microsoft also fixed 14 remote code execution (RCE) vulnerabilities, but only one was classified as critical.
The three critical vulnerabilities fixed today are:
- CVE-2023-42421: An Azure information disclosure bug that could allow an attacker to access sensitive information.
- CVE-2023-42422: An RCE in Windows Internet Connection Sharing (ICS) that could allow an attacker to take control of an affected computer.
- CVE-2023-42423: A Hyper-V escape flaw that could allow an attacker to execute programs on the host with SYSTEM privileges.
In addition to the vulnerabilities fixed this month, Microsoft also released security updates for a number of other products, including Windows, Office, Edge, and Azure.
All users should install these updates as soon as possible to protect themselves from these vulnerabilities.
Microsoft will continue to release security updates on a monthly basis.
Impact on Microsoft Products
The November 2023 Patch Tuesday addressed vulnerabilities across a wide range of Microsoft products, including Windows, Office, Edge, and Azure. As such, it is crucial for users of these products to prioritize installing the available updates to safeguard their systems from potential exploitation.
Proactive Protection: A Continuous Effort
Microsoft’s Patch Tuesday serves as a reminder of the ongoing nature of cybersecurity and the importance of proactive protection. By promptly installing security updates, users can significantly reduce their exposure to emerging threats and maintain the integrity of their systems.
Microsoft’s November 2023 Patch Tuesday updates address a number of critical vulnerabilities, including five zero-days. It is important that all users install these updates as soon as possible to protect themselves from these threats.