November 14, 2023 at 05:49PM
Microsoft released a November update with 63 bug fixes, including three actively exploited zero-day vulnerabilities. One of the bugs, CVE-2023-36036, allows attackers to acquire system-level privileges through Windows Cloud Files Mini Filter Driver. CVE-2023-36033 provides system-level access through the Windows DWM Core Library, and CVE-2023-36025 allows attackers to bypass Windows Defender SmartScreen checks. Two other bugs remain unexploited. Microsoft assessed three critical vulnerabilities, including CVE-2023-36052, which enables access to plaintext credentials. Security experts recommend prompt patching of these vulnerabilities.
Key takeaways from the meeting notes:
1. Microsoft released a November 2023 update that includes fixes for 63 bugs.
2. Three of these bugs are actively being exploited by threat actors, while two have been disclosed but not yet exploited.
3. The November update is smaller than the previous month’s update, with fewer critical vulnerabilities.
4. One of the actively exploited bugs, CVE-2023-36036, is a privilege escalation vulnerability in Windows Cloud Files Mini Filter Driver.
5. Another actively exploited bug, CVE-2023-36033, is a privilege escalation vulnerability in the Windows DWM Core Library component.
6. The third actively exploited bug, CVE-2023-36025, is a security bypass flaw in Windows Defender SmartScreen.
7. Two bugs, CVE-2023-36038 and CVE-2023-36413, were publicly disclosed but remain unexploited.
8. Microsoft assessed three bugs as critical severity, including CVE-2023-36397, CVE-2023-36400, and CVE-2023-36052.
9. CVE-2023-36052, the information disclosure flaw in an Azure component, is particularly important to prioritize as it allows attackers to gain access to plaintext credentials.
10. Organizations should also pay attention to the medium severity elevation of privilege vulnerability, CVE-2023-36422.
These notes provide an overview of the important bugs and vulnerabilities in Microsoft’s November update. It is recommended to prioritize patching CVEs that are actively being exploited or have critical severity.