Microsoft has released its November 2023 Patch Tuesday, addressing a total of 63 security vulnerabilities in its software. This comprehensive update includes fixes for three actively exploited vulnerabilities, emphasizing the company’s commitment to thwarting cyber threats.
November 2023 Patch Tuesday: What Has Been Fixed?
Among the 63 flaws, three are classified as Critical, 56 as Important, and four as Moderate in severity. Notably, two vulnerabilities were publicly known at the time of release, underscoring the importance of swift action to protect systems.
Five Zero-Day Vulnerabilities
Five zero-day vulnerabilities have been highlighted in the November update, including noteworthy entries like CVE-2023-36025 (Windows SmartScreen Security Feature Bypass) and CVE-2023-36033 (Windows DWM Core Library Elevation of Privilege). The exploitation potential of these vulnerabilities is underscored by their respective CVSS scores, urging users to prioritize patching.
Significance of CVE-2023-36025
CVE-2023-36025, a Windows SmartScreen zero-day vulnerability, is particularly noteworthy as it marks the third such exploit in 2023 and the fourth in the past two years. Microsoft advises that users must interact with a specially crafted Internet Shortcut or hyperlink for exploitation, emphasizing the importance of cautious browsing habits.
While Microsoft has not provided detailed information on the attack methods or threat actors involved, the active exploitation prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to include these vulnerabilities in its Known Exploited Vulnerabilities catalog. Federal agencies are urged to apply the fixes by December 5, 2023, to mitigate risks effectively.
Additional Critical Fixes
Microsoft’s November update also addresses critical remote code execution flaws, such as CVE-2023-36028 and CVE-2023-36397, emphasizing the company’s commitment to strengthening authentication protocols. Furthermore, the patch tackles CVE-2023-38545, a critical heap-based buffer overflow in the curl library, and an information disclosure vulnerability in Azure CLI (CVE-2023-36052).
Conclusion
Microsoft’s November 2023 security patch signifies a proactive approach to cybersecurity, addressing a multitude of vulnerabilities and actively exploited flaws. Users are strongly encouraged to apply the patches promptly to fortify their systems against potential cyber threats and maintain a robust defense posture in an ever-evolving digital landscape.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: