November 14, 2023 at 07:42PM
Microsoft’s November Patch Tuesday fixes around 60 vulnerabilities, including three that have already been exploited. These include privilege-escalation vulnerabilities in Windows Desktop Manager and Windows Cloud Files Mini Filter Driver, as well as a security feature bypass flaw in Windows Defender SmartScreen. Additionally, Adobe patched 76 vulnerabilities across its products, and VMware addressed a critical authentication bypass vulnerability in Cloud Director appliances. SAP released three new security notes, and Google fixed a critical issue in the Android system component.
Key takeaways:
1. Microsoft’s November Patch Tuesday includes fixes for about 60 vulnerabilities.
2. Three vulnerabilities have already been found and abused in the wild:
   a. CVE-2023-36033: Windows Desktop Manager Core Library elevation-of-privilege vulnerability.
   b. CVE-2023-36036: Windows Cloud Files Mini Filter Driver privilege-escalation vulnerability.
   c. CVE-2023-36025: Windows Defender SmartScreen security feature bypass flaw.
3. Two other vulnerabilities are publicly known:
   a. CVE-2023-36038: ASP.NET Core denial of service vulnerability.
   b. CVE-2023-36413: Microsoft Office security feature bypass flaw.
4. The highest-rated flaw is CVE-2023-36397, a remote code execution bug in Windows Pragmatic General Multicast (PGM).
5. Azure CLI has an information disclosure vulnerability (CVE-2023-36052), and there’s a Windows HMAC Key Derivation elevation of privilege flaw (CVE-2023-36400).
6. Microsoft PEAP, which is used for secure authentication in wireless networks, has a flaw (CVE-2023-36028).
7. Adobe has patched 76 vulnerabilities across various products.
8. VMware fixed a critical authentication bypass vulnerability affecting Cloud Director appliances (CVE-2023-34060).
9. SAP has released three new security notes and updates to previously released notes.
10. Google released its Android security bulletin, with the most critical issue being a local information disclosure in the system component.