Nov 2023 Monthly Patch

Published on 15 Nov 2023 | Updated on 16 Nov 2023

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

Microsoft has also released security patches for three zero-day vulnerabilities impacting Windows products. The vulnerabilities are reportedly being actively exploited:

CVE-2023-36036: An elevation of privilege vulnerability affecting the Windows Cloud Files Mini Filter Driver. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges.
CVE-2023-36033: An elevation of privilege vulnerability affecting the Windows DWM Core Library. Successful exploitation of the vulnerability could allow an attacker to gain SYSTEM privileges.
CVE-2023-36025: A security feature bypass vulnerability affecting Windows SmartScreen. Successful exploitation of the vulnerability could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts.

Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2023-Nov 

CRITICAL VULNERABILITIES

| CVE Number | CVE Name | Base Score | Reference |
| --- | --- | --- | --- |
| CVE-2023-36397 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36397 |
| CVE-2023-36400 | Windows HMAC Key Derivation Elevation of Privilege Vulnerability | 8.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36400 |
| CVE-2023-36052 | Azure CLI REST Command Information Disclosure Vulnerability | 8.6 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36052 |