Microsoft's November Patch Update


In the latest Patch Tuesday release, Microsoft has rolled out security updates covering a total of 58 flaws, including fixes for five zero-day vulnerabilities. Among the addressed issues, 14 remote code execution (RCE) bugs were patched, with only one classified as critical. The critical flaws include an Azure information disclosure bug, an RCE in Windows Internet Connection Sharing (ICS), and a Hyper-V escape flaw enabling the execution of programs with SYSTEM privileges on the host.

  • 16 Elevation of Privilege Vulnerabilities

  • 15 Remote Code Execution Vulnerabilities

  • 11 Spoofing Vulnerabilities

  • 6 Information Disclosure Vulnerabilities

  • 6 Security Feature Bypass Vulnerabilities

  • 5 Denial of Service Vulnerabilities

The total count excludes 5 Mariner security updates and 20 Microsoft Edge security updates released earlier this month.

The five zero-day vulnerabilities:

CVE-2023-36036 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

This actively exploited bug could allow an attacker to gain SYSTEM privileges.

CVE-2023-36033 - Windows DWM Core Library Elevation of Privilege Vulnerability

This actively exploited and publicly disclosed flaw enables privilege elevation to SYSTEM.

CVE-2023-36025 - Windows SmartScreen Security Feature Bypass Vulnerability

This actively exploited SmartScreen flaw allows a malicious Internet Shortcut to bypass security checks, compromising users who interact with it.

Additionally, two other publicly disclosed zero-day vulnerabilities, 'CVE-2023-36413 - Microsoft Office Security Feature Bypass Vulnerability' and 'CVE-2023-36038 - ASP.NET Core Denial of Service Vulnerability,' were fixed, though they were not actively exploited in attacks. Microsoft encourages users to apply the latest updates promptly. Detailed information about the non-security updates can be found in dedicated articles covering the new Windows 11 KB5032190 cumulative update and Windows 10 KB5032189 cumulative update.


Full November patch list below:

  1. CVE-2023-36049 - With a CVSS score of 7.6 | Vulnerability: .NET, .NET Framework, and Visual Studio Elevation of Privilege | Important

  2. CVE-2023-36560 - With a CVSS score of 8.8 | Vulnerability: ASP.NET Security Feature Bypass | Important

  3. CVE-2023-36038 - With a CVSS score of 8.2 | Vulnerability: ASP.NET Core Denial of Service | Important

  4. CVE-2023-36558 - With a CVSS score of 6.2 | Vulnerability: ASP.NET Core - Security Feature Bypass | Important

  5. CVE-2023-36052 - With a CVSS score of 8.6 | Vulnerability: Azure CLI REST Command Information Disclosure | Critical

  6. CVE-2023-38151 - With a CVSS score of 8.8 | Vulnerability: Microsoft Host Integration Server 2020 Remote Code Execution | Important

  7. CVE-2023-36021 - With a CVSS score of 8.0 | Vulnerability: Microsoft On-Prem Data Gateway Security Feature Bypass | Important

  8. CVE-2023-36437 - With a CVSS score of 8.8 | Vulnerability: Azure DevOps Server Remote Code Execution | Important

  9. CVE-2020-1747 - No CVSS score | Vulnerability: Unknown - Mariner Security Update | Unknown

  10. CVE-2023-46316 - No CVSS score | Vulnerability: Unknown - Mariner Security Update | Unknown

  11. CVE-2023-46753 - No CVSS score | Vulnerability: Unknown - Mariner Security Update | Unknown

  12. CVE-2020-8554 - No CVSS score | Vulnerability: Unknown - Mariner Security Update | Unknown

  13. CVE-2020-14343 - No CVSS score | Vulnerability: Unknown - Mariner Security Update | Unknown

  14. CVE-2023-24023 - No CVSS score | Vulnerability: Mitre: CVE-2023-24023 Bluetooth | Important

  15. CVE-2023-36016 - With a CVSS score of 6.2 | Vulnerability: Microsoft Dynamics 365 (on-premises) Cross-site Scripting | Important

  16. CVE-2023-36007 - With a CVSS score of 7.6 | Vulnerability: Microsoft Send Customer Voice survey from Dynamics 365 Spoofing | Important

  17. CVE-2023-36031 - With a CVSS score of 7.6 | Vulnerability: Microsoft Dynamics 365 (on-premises) Cross-site Scripting | Important

  18. CVE-2023-36410 - With a CVSS score of 7.6 | Vulnerability: Microsoft Dynamics 365 (on-premises) Cross-site Scripting | Important

  19. CVE-2023-36030 - With a CVSS score of 6.1 | Vulnerability: Microsoft Dynamics 365 Sales Spoofing | Important

  20. CVE-2023-36014 - With a CVSS score of 7.3 | Vulnerability: Microsoft Edge (Chromium-based) Remote Code Execution | Moderate

  21. CVE-2023-5996 - No CVSS score | Vulnerability: Chromium: CVE-2023-5996 Use after free in WebAudio | Unknown

  22. CVE-2023-36022 - With a CVSS score of 6.6 | Vulnerability: Microsoft Edge (Chromium-based) Remote Code Execution | Moderate

  23. CVE-2023-36027 - With a CVSS score of 7.1 | Vulnerability: Microsoft Edge (Chromium-based) Elevation of Privilege | Important

  24. CVE-2023-36029 - With a CVSS score of 4.3 | Vulnerability: Microsoft Edge (Chromium-based) Spoofing | Moderate

  25. CVE-2023-5480 - No CVSS score | Vulnerability: Chromium: CVE-2023-5480 Inappropriate implementation in Payments | Unknown

  26. CVE-2023-5856 - No CVSS score | Vulnerability: Chromium: CVE-2023-5856 Use after free in Side Panel | Unknown

  27. CVE-2023-5855 - No CVSS score | Vulnerability: Chromium: CVE-2023-5855 Use after free in Reading Mode | Unknown

  28. CVE-2023-5854 - No CVSS score | Vulnerability: Chromium: CVE-2023-5854 Use after free in Profiles | Unknown

  29. CVE-2023-5859 - No CVSS score | Vulnerability: Chromium: CVE-2023-5859 Incorrect security UI in Picture In Picture | Unknown

  30. CVE-2023-5858 - No CVSS score | Vulnerability: Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Provider | Unknown

  31. CVE-2023-5857 - No CVSS score | Vulnerability: Chromium: CVE-2023-5857 Inappropriate implementation in Downloads | Unknown

  32. CVE-2023-5850 - No CVSS score | Vulnerability: Chromium: CVE-2023-5850 Incorrect security UI in Downloads | Unknown

  33. CVE-2023-5849 - No CVSS score | Vulnerability: Chromium: CVE-2023-5849 Integer overflow in USB | Unknown

  34. CVE-2023-5482 - No CVSS score | Vulnerability: Chromium: CVE-2023-5482 Insufficient data validation in USB | Unknown

  35. CVE-2023-5853 - No CVSS score | Vulnerability: Chromium: CVE-2023-5853 Incorrect security UI in Downloads | Unknown

  36. CVE-2023-5852 - No CVSS score | Vulnerability: Chromium: CVE-2023-5852 Use after free in Printing | Unknown

  37. CVE-2023-5851 - No CVSS score | Vulnerability: Chromium: CVE-2023-5851 Inappropriate implementation in Downloads | Unknown

  38. CVE-2023-36024 - With a CVSS score of 7.1 | Vulnerability: Microsoft Edge (Chromium-based) Elevation of Privilege | Important

  39. CVE-2023-36034 - With a CVSS score of 7.3 | Vulnerability: Microsoft Edge (Chromium-based) Remote Code Execution | Moderate

  40. CVE-2023-36439 - With a CVSS score of 8.0 | Vulnerability: Microsoft Exchange Server Remote Code Execution | Important

  41. CVE-2023-36050 - With a CVSS score of 8.0 | Vulnerability: Microsoft Exchange Server Spoofing | Important

  42. CVE-2023-36039 - With a CVSS score of 8.0 | Vulnerability: Microsoft Exchange Server Spoofing | Important

  43. CVE-2023-36035 - With a CVSS score of 8.0 | Vulnerability: Microsoft Exchange Server Spoofing | Important

  44. CVE-2023-36413 - With a CVSS score of 6.5 | Vulnerability: Microsoft Office Security Feature Bypass | Important

  45. CVE-2023-36045 - With a CVSS score of 7.8 | Vulnerability: Microsoft Office Graphics Remote Code Execution | Important

  46. CVE-2023-36041 - With a CVSS score of 7.8 | Vulnerability: Microsoft Excel Remote Code Execution | Important

  47. CVE-2023-36037 - With a CVSS score of 7.8 | Vulnerability: Microsoft Excel Security Feature Bypass | Important

  48. CVE-2023-38177 - With a CVSS score of 6.1 | Vulnerability: Microsoft SharePoint Server Remote Code Execution | Important

  49. CVE-2023-36423 - With a CVSS score of 8.8 | Vulnerability: Microsoft Remote Registry Service Remote Code Execution | Important

  50. CVE-2023-36401 - With a CVSS score of 7.2 | Vulnerability: Microsoft Remote Registry Service Remote Code Execution | Important

  51. CVE-2023-36402 - With a CVSS score of 8.8 | Vulnerability: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution | Important

  52. CVE-2023-36394 - With a CVSS score of 7.0 | Vulnerability: Windows Search Service Elevation of Privilege | Important

  53. CVE-2023-36719 - With a CVSS score of 8.4 | Vulnerability: Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege | Important

  54. CVE-2023-36043 - With a CVSS score of 6.5 | Vulnerability: Open Management Infrastructure Information Disclosure | Critical

  55. CVE-2023-36393 - With a CVSS score of 7.8 | Vulnerability: Windows User Interface Application Core Remote Code Execution | Important

  56. CVE-2023-36042 - With a CVSS score of 6.2 | Vulnerability: Visual Studio Denial of Service | Important

  57. CVE-2023-36018 - With a CVSS score of 7.8 | Vulnerability: Visual Studio Code Jupyter Extension Spoofing | Important

  58. CVE-2023-36047 - With a CVSS score of 7.8 | Vulnerability: Windows Authentication Elevation of Privilege | Important

  59. CVE-2023-36428 - With a CVSS score of 5.5 | Vulnerability: Microsoft Local Security Authority Subsystem Service Information Disclosure | Important

  60. CVE-2023-36046 - With a CVSS score of 7.1 | Vulnerability: Windows Authentication Denial of Service | Important

  61. CVE-2023-36036 - With a CVSS score of 7.8 | Vulnerability: Windows Cloud Files Mini Filter Driver Elevation of Privilege | Important

  62. CVE-2023-36424 - With a CVSS score of 7.8 | Vulnerability: Windows Common Log File System Driver Elevation of Privilege | Important

  63. CVE-2023-36396 - With a CVSS score of 7.8 | Vulnerability: Windows Compressed Folder Remote Code Execution | Important

  64. CVE-2023-36422 - With a CVSS score of 7.8 | Vulnerability: Microsoft Windows Defender Elevation of Privilege | Important

  65. CVE-2023-36395 - With a CVSS score of 7.5 | Vulnerability: Windows Deployment Services Denial of Service | Important

  66. CVE-2023-36392 - With a CVSS score of 7.5 | Vulnerability: DHCP Server Service Denial of Service | Important

  67. CVE-2023-36425 - With a CVSS score of 8.0 | Vulnerability: Windows Distributed File System (DFS) Remote Code Execution | Important

  68. CVE-2023-36033 - With a CVSS score of 7.8 | Vulnerability: Windows DWM Core Library Elevation of Privilege | Important

  69. CVE-2023-36400 - With a CVSS score of 8.8 | Vulnerability: Windows HMAC Key Derivation Elevation of Privilege | Critical

  70. CVE-2023-36427 - With a CVSS score of 7.0 | Vulnerability: Windows Hyper-V Elevation of Privilege | Important

  71. CVE-2023-36407 - With a CVSS score of 7.8 | Vulnerability: Windows Hyper-V Elevation of Privilege | Important

  72. CVE-2023-36406 - With a CVSS score of 5.5 | Vulnerability: Windows Hyper-V Information Disclosure | Important

  73. CVE-2023-36408 - With a CVSS score of 7.8 | Vulnerability: Windows Hyper-V Elevation of Privilege | Important

  74. CVE-2023-36705 - With a CVSS score of 7.8 | Vulnerability: Windows Installer Elevation of Privilege | Important

  75. CVE-2023-36397 - With a CVSS score of 9.8 | Vulnerability: Windows Pragmatic General Multicast (PGM) Remote Code Execution | Critical

  76. CVE-2023-36405 - With a CVSS score of 7.0 | Vulnerability: Windows Kernel Elevation of Privilege | Important

  77. CVE-2023-36404 - With a CVSS score of 5.5 | Vulnerability: Windows Kernel Information Disclosure | Important

  78. CVE-2023-36403 - With a CVSS score of 7.0 | Vulnerability: Windows Kernel Elevation of Privilege | Important

  79. CVE-2023-36398 - With a CVSS score of 6.5 | Vulnerability: Windows NTFS Information Disclosure | Important

  80. CVE-2023-36028 - With a CVSS score of 9.8 | Vulnerability: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution | Important

  81. CVE-2023-36017 - With a CVSS score of 8.8 | Vulnerability: Windows Scripting Engine Memory Corruption | Important

  82. CVE-2023-36025 - With a CVSS score of 8.8 | Vulnerability: Windows SmartScreen Security Feature Bypass | Important

  83. CVE-2023-36399 - With a CVSS score of 7.1 | Vulnerability: Windows Storage Elevation of Privilege | Important

