My next class:

Microsoft Patch Tuesday November 2023

Published: 2023-11-14. Last Updated: 2023-11-14 18:42:33 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Today, Microsoft released patches for 64 different vulnerabilities in Microsoft products, 14 vulnerabilities in Chromium affecting Microsoft Edge, and five vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three of these vulnerabilities are already being exploited, and three have been made public before the release of the patches. 

CVE-2023-36038: A denial of service vulnerability in ASP.NET Core. CVSS score of 8.2. This vulnerability was disclosed before the patch release.

CVE-2023-36413: A Microsoft Office security feature bypass. Exploiting this vulnerability will bypass the protected mode when opening a file received via the web. The file would open in editing mode, allowing malicious code execution. The vulnerability has been disclosed before the patch release.

CVE-2023-36036: A privilege escalation vulnerability in Microsoft's Windows Cloud Files Mini Filter Driver. This vulnerability is already being exploited.

CVE-2023-36033: A privilege escalation vulnerability in the Windows DWM Core Library. The vulnerability was exploited and disclosed before the patch release.

CVE-2023-36025: A security feature bypass vulnerability in Windows SmartScreen. This vulnerability was not public before the patch release, but it was already exploited.

Three of the vulnerabilities are considered critical. CVE-2023-36397, a remote code execution vulnerability in the Windows Pragmatic General Multicast (PGM) protocol, is noteworthy as we had patches for this in prior months. But exploitation should be difficult. It will require local network access and is not typically enabled. 

Today's patches also included patches for several older open-source component vulnerabilities in Kubernetes, FRRouting, Traceroute, PyYAML. These affect Mariner Linux, the Linux variant used by Microsoft. I decided not to include them in the matrix below.

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36049 No No - - Important 7.6 6.8
ASP.NET Core - Security Feature Bypass Vulnerability
CVE-2023-36558 No No - - Important 6.2 5.6
ASP.NET Core Denial of Service Vulnerability
CVE-2023-36038 Yes No - - Important 8.2 7.1
ASP.NET Security Feature Bypass Vulnerability
CVE-2023-36560 No No - - Important 8.8 7.7
Azure CLI REST Command Information Disclosure Vulnerability
CVE-2023-36052 No No - - Critical 8.6 7.5
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-36437 No No - - Important 8.8 7.7
Chromium: CVE-2023-5480 Inappropriate implementation in Payments
CVE-2023-5480 No No - - -    
Chromium: CVE-2023-5482 Insufficient data validation in USB
CVE-2023-5482 No No - - -    
Chromium: CVE-2023-5849 Integer overflow in USB
CVE-2023-5849 No No - - -    
Chromium: CVE-2023-5850 Incorrect security UI in Downloads
CVE-2023-5850 No No - - -    
Chromium: CVE-2023-5851 Inappropriate implementation in Downloads
CVE-2023-5851 No No - - -    
Chromium: CVE-2023-5852 Use after free in Printing
CVE-2023-5852 No No - - -    
Chromium: CVE-2023-5853 Incorrect security UI in Downloads
CVE-2023-5853 No No - - -    
Chromium: CVE-2023-5854 Use after free in Profiles
CVE-2023-5854 No No - - -    
Chromium: CVE-2023-5855 Use after free in Reading Mode
CVE-2023-5855 No No - - -    
Chromium: CVE-2023-5856 Use after free in Side Panel
CVE-2023-5856 No No - - -    
Chromium: CVE-2023-5857 Inappropriate implementation in Downloads
CVE-2023-5857 No No - - -    
Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Provider
CVE-2023-5858 No No - - -    
Chromium: CVE-2023-5859 Incorrect security UI in Picture In Picture
CVE-2023-5859 No No - - -    
Chromium: CVE-2023-5996 Use after free in WebAudio
CVE-2023-5996 No No - - -    
DHCP Server Service Denial of Service Vulnerability
CVE-2023-36392 No No - - Important 7.5 6.5
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-36410 No No - - Important 7.6 6.6
CVE-2023-36031 No No - - Important 7.6 6.6
CVE-2023-36016 No No - - Important 6.2 5.4
Microsoft Dynamics 365 Sales Spoofing Vulnerability
CVE-2023-36030 No No - - Important 6.1 5.3
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-36024 No No Less Likely Less Likely Important 7.1 6.2
CVE-2023-36027 No No Less Likely Less Likely Important 7.1 6.2
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2023-36034 No No Less Likely Less Likely Moderate 7.3 6.4
CVE-2023-36022 No No Less Likely Less Likely Moderate 6.6 5.8
CVE-2023-36014 No No Less Likely Less Likely Moderate 7.3 6.4
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-36029 No No Less Likely Less Likely Moderate 4.3 3.8
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36041 No No - - Important 7.8 6.8
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2023-36037 No No - - Important 7.8 6.8
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36439 No No - - Important 8.0 7.0
Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36050 No No - - Important 8.0 7.0
CVE-2023-36039 No No - - Important 8.0 7.0
CVE-2023-36035 No No - - Important 8.0 7.0
Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability
CVE-2023-38151 No No - - Important 8.8 7.7
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2023-36428 No No - - Important 5.5 4.8
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2023-36045 No No - - Important 7.8 6.8
Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-36413 Yes No - - Important 6.5 5.7
Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability
CVE-2023-36021 No No - - Important 8.0 7.0
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVE-2023-36028 No No - - Important 9.8 8.5
Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVE-2023-36423 No No - - Important 7.2 6.3
CVE-2023-36401 No No - - Important 7.2 6.3
Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability
CVE-2023-36007 No No - - Important 7.6 6.6
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-38177 No No - - Important 6.1 5.3
Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability
CVE-2023-36719 No No - - Important 8.4 7.3
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36402 No No - - Important 8.8 7.7
Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-36422 No No - - Important 7.8 6.8
Mitre: CVE-2023-24023 Bluetooth Vulnerability
CVE-2023-24023 No No - - Important    
Open Management Infrastructure Information Disclosure Vulnerability
CVE-2023-36043 No No - - Important 6.5 6.1
Visual Studio Code Jupyter Extension Spoofing Vulnerability
CVE-2023-36018 No No - - Important 7.8 6.8
Visual Studio Denial of Service Vulnerability
CVE-2023-36042 No No - - Important 6.2 5.4
Windows Authentication Denial of Service Vulnerability
CVE-2023-36046 No No - - Important 7.1 6.2
Windows Authentication Elevation of Privilege Vulnerability
CVE-2023-36047 No No - - Important 7.8 6.8
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36036 No Yes - - Important 7.8 7.2
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36424 No No - - Important 7.8 6.8
Windows Compressed Folder Remote Code Execution Vulnerability
CVE-2023-36396 No No - - Important 7.8 6.8
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2023-36033 Yes Yes - - Important 7.8 7.0
Windows Deployment Services Denial of Service Vulnerability
CVE-2023-36395 No No - - Important 7.5 6.5
Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVE-2023-36425 No No - - Important 8.0 7.0
Windows HMAC Key Derivation Elevation of Privilege Vulnerability
CVE-2023-36400 No No - - Critical 8.8 7.7
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36427 No No - - Important 7.0 6.1
CVE-2023-36408 No No - - Important 7.8 6.8
CVE-2023-36407 No No - - Important 7.8 6.8
Windows Hyper-V Information Disclosure Vulnerability
CVE-2023-36406 No No - - Important 5.5 4.8
Windows Installer Elevation of Privilege Vulnerability
CVE-2023-36705 No No - - Important 7.8 6.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36405 No No - - Important 7.0 6.1
CVE-2023-36403 No No - - Important 7.0 6.1
Windows Kernel Information Disclosure Vulnerability
CVE-2023-36404 No No - - Important 5.5 4.8
Windows NTFS Information Disclosure Vulnerability
CVE-2023-36398 No No - - Important 6.5 5.7
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-36397 No No - - Critical 9.8 8.5
Windows Scripting Engine Memory Corruption Vulnerability
CVE-2023-36017 No No - - Important 8.8 7.7
Windows Search Service Elevation of Privilege Vulnerability
CVE-2023-36394 No No - - Important 7.0 6.1
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36025 No Yes - - Important 8.8 8.2
Windows Storage Elevation of Privilege Vulnerability
CVE-2023-36399 No No - - Important 7.1 6.2
Windows User Interface Application Core Remote Code Execution Vulnerability
CVE-2023-36393 No No - - Important 7.8 6.8

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

Keywords:
0 comment(s)
My next class:

Comments


Diary Archives