Microsoft Patch Tuesday: November 2023 Edition

Microsoft released its monthly batch of security updates on November 14, 2023, addressing 75 vulnerabilities, including three zero-day vulnerabilities that are being actively exploited by attackers. The updates also include three Critical and 57 Important severity vulnerabilities.

Key Highlights:

  • Three zero-day vulnerabilities are being actively exploited by attackers.
  • 75 vulnerabilities are being addressed in this month’s Patch Tuesday.
  • Three Critical and 57 Important severity vulnerabilities are included in the updates.
  • 17 Microsoft Edge (Chromium-based) vulnerabilities are also being addressed.

Vulnerabilities Addressed

The November 2023 Patch Tuesday addresses a wide range of vulnerabilities, including:

  • Denial of Service (DoS) vulnerabilities
  • Elevation of Privilege (EoP) vulnerabilities
  • Information Disclosure vulnerabilities
  • Remote Code Execution (RCE) vulnerabilities
  • Security Feature Bypass vulnerabilities
  • Cross-site Scripting (XSS) vulnerabilities
  • Spoofing vulnerabilities

Zero-Day Vulnerabilities

The three zero-day vulnerabilities addressed in this month’s Patch Tuesday are:

  • CVE-2023-36025: A Windows SmartScreen security feature bypass vulnerability.
  • CVE-2023-36033: A Windows Dynamic Window Manager (DWM) elevation of privilege vulnerability.
  • CVE-2023-36036: A Windows Cloud Files Mini Filter Driver elevation of privilege vulnerability.

Impact and Recommendations

Microsoft recommends that all users install the November 2023 Patch Tuesday updates as soon as possible to protect their systems from these vulnerabilities. Organizations should prioritize patching systems that are at higher risk of attack, such as those that are exposed to the internet or that are used to store sensitive data.

In addition to the zero-day vulnerabilities, the November 2023 Patch Tuesday also addresses three Critical severity vulnerabilities and 57 Important severity vulnerabilities. These vulnerabilities span a range of categories, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, Cross-site Scripting (XSS), and Spoofing.

The Critical severity vulnerabilities, CVE-2023-36034, CVE-2023-36035, and CVE-2023-36037, require immediate attention as they pose a significant risk of exploitation. These vulnerabilities affect the Microsoft Protected Extensible Authentication Protocol (PEAP), the Windows PGM component, and the Windows Authentication Methods, respectively.

The Important severity vulnerabilities, while not as critical as the zero-day and Critical vulnerabilities, still represent potential security risks and should be addressed promptly. These vulnerabilities span a variety of Microsoft products and components, including Microsoft Office, Open Management Infrastructure, Tablet Windows User Interface, Visual Studio Code, Windows Cloud Files Mini Filter Driver, Windows Common Log File System Driver, and Microsoft Edge.

The November 2023 Patch Tuesday is an important release that addresses a number of critical vulnerabilities. Users and organizations should install the updates as soon as possible to protect their systems from attack.

About the author

Mary Woods

Mary has a deep passion for technical and technological happenings around the globe. She currently lives in Miami. The Internet is her forte, and writing articles online about modern-day technological wonders is her only hobby. You can find her at mary@pc-tablet.com.