November 15, 2023 at 01:15AM
Microsoft has released patches to address 63 security bugs, including three actively exploited vulnerabilities. The flaws are rated as Critical, Important, and Moderate in severity. Five zero-day vulnerabilities are identified, including issues with Windows SmartScreen and ASP.NET Core. The U.S. Cybersecurity and Infrastructure Security Agency has issued a warning and urged federal agencies to apply the fixes. Other vendors have also released security updates.
From the meeting notes on November 15, 2023, the following key points can be identified:
– Microsoft has released fixes for 63 security bugs in its software for November 2023.
– Three vulnerabilities are actively being exploited in the wild.
– The flaws are categorized as Critical, Important, and Moderate in severity.
– Two vulnerabilities are publicly known.
– The updates also include security fixes for Chromium-based Edge browser.
– Five notable zero-day vulnerabilities are listed, with details provided for each.
– It is mentioned that CVE-2023-36033 and CVE-2023-36036 could be exploited to gain SYSTEM privileges.
– Guidance on the attack mechanisms and threat actors is not provided.
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the three exploited vulnerabilities to its catalog.
– Microsoft has patched two critical remote code execution flaws in Protected Extensible Authentication Protocol and Pragmatic General Multicast.
– Other vendors have also released security updates in recent weeks.
Please let me know if you need any additional information.