Nov 2023 Monthly Patch
Published on 15 Nov 2023
Microsoft has released security patches to address multiple vulnerabilities in their software and products.
The vulnerabilities that have been classified as Critical in severity are listed in the table below.
Microsoft has also released security patches for three zero-day vulnerabilities impacting Windows products. The vulnerabilities are reportedly being actively exploited:
CVE-2023-36036: An elevation of privilege vulnerability affecting the Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges.
CVE-2023-36033: An elevation of privilege vulnerability affecting the Windows DWM Core Library. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges.
CVE-2023-36025: A bypass vulnerability affecting the Windows SmartScreen Security Feature. Successful exploitation of the vulnerability could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts.
Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.
For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2023-Nov
CRITICAL VULNERABILITIES
| CVE Number | CVE Name | Base Score | Reference |
|---|---|---|---|
| CVE-2023-36397 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36397 |
| CVE-2023-36400 | Windows HMAC Key Derivation Elevation of Privilege Vulnerability | 8.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36400 |
| CVE-2023-36052 | Azure CLI REST Command Information Disclosure Vulnerability | 8.6 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36052 |
