sábado, dezembro 9, 2023
HomeCyber Security
Cyber Security

Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws

By admin_pf_2023
0
10


Patch Tuesday

Immediately is Microsoft’s November 2023 Patch Tuesday, which incorporates safety updates for a complete of 58 flaws and 5 zero-day vulnerabilities.

Whereas fourteen distant code execution (RCE) bugs have been mounted, Microsoft solely rated one as important. The three important flaws mounted at this time are an Azure info disclosure bug, an RCE in Home windows Web Connection Sharing (ICS), and a Hyper-V escape flaw that permits the executions of packages on the host with SYSTEM privileges.

The variety of bugs in every vulnerability class is listed under:

  • 26 Elevation of Privilege Vulnerabilities
  • 3 Safety Function Bypass Vulnerabilities
  • 45 Distant Code Execution Vulnerabilities
  • 12 Data Disclosure Vulnerabilities
  • 17 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerabilities

The full depend of 58 flaws doesn’t embrace 5 Mariner safety updates and 20 Microsoft Edge safety updates launched earlier this month.

To be taught extra concerning the non-security updates launched at this time, you’ll be able to assessment our devoted articles on the brand new Home windows 11 KB5032190 cumulative replace and Home windows 10 KB5032189 cumulative replace.

5 zero-days mounted

This month’s Patch Tuesday fixes 5 zero-day vulnerabilities, with three exploited in assaults and three publicly disclosed.

Microsoft classifies a vulnerability as a zero-day whether it is publicly disclosed or actively exploited with no official repair obtainable.

The three actively exploited zero-day vulnerabilities in at this time’s updates are:

CVE-2023-36036 – Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability

Microsoft has mounted an actively exploited Home windows Cloud Information Mini Filter Elevation of Privileges bug.

“An attacker who efficiently exploited this vulnerability may achieve SYSTEM privileges,” explains Microsoft.

It isn’t identified how the flaw was abused in assaults or by what menace actor.

The flaw was found internally by the Microsoft Risk Intelligence Microsoft Safety Response Heart.

CVE-2023-36033 – Home windows DWM Core Library Elevation of Privilege Vulnerability

Microsoft has mounted an actively exploited and publicly disclosed Home windows DWM Core Library vulnerability that can be utilized to raise privileges to SYSTEM.

“An attacker who efficiently exploited this vulnerability may achieve SYSTEM privileges,” explains Microsoft.

Microsoft says that the flaw was found by Quan Jin(@jq0904) with DBAPPSecurity WeBin Lab however didn’t share particulars on how they have been utilized in assaults.

CVE-2023-36025 – Home windows SmartScreen Safety Function Bypass Vulnerability

Microsoft has mounted an actively exploited Home windows SmartScreen flaw that permits a malicious Web Shortcut to bypass safety checks and warnings.

“The attacker would have the ability to bypass Home windows Defender SmartScreen checks and their related prompts,” explains Microsoft.

“The consumer must click on on a specifically crafted Web Shortcut (.URL) or a hyperlink pointing to an Web Shortcut file to be compromised by the attacker,” continues Microsoft.

Microsoft says that the flaw was found by Will Metcalf (Splunk), Microsoft Risk Intelligence, and the Microsoft Workplace Product Group Safety Workforce.

BleepingComputer contacted Splunk concerning the flaw to be taught the way it was exploited.

As well as, Microsoft says that two different publicly disclosed zero-day bugs, ‘CVE-2023-36413 – Microsoft Workplace Safety Function Bypass Vulnerability’ and the ‘CVE-2023-36038 — ASP.NET Core Denial of Service Vulnerability,’ have been additionally mounted as a part of at this time’s Patch Tuesday.

Nevertheless, Microsoft says that they weren’t actively exploited in assaults.

Latest updates from different corporations

Different distributors who launched updates or advisories in November 2023 embrace:

The November 2023 Patch Tuesday Safety Updates

Beneath is the whole listing of resolved vulnerabilities within the November 2023 Patch Tuesday updates.

To entry the total description of every vulnerability and the techniques it impacts, you’ll be able to view the full report right here.

Tag CVE ID CVE Title Severity
.NET Framework CVE-2023-36049 .NET, .NET Framework, and Visible Studio Elevation of Privilege Vulnerability Essential
ASP.NET CVE-2023-36560 ASP.NET Safety Function Bypass Vulnerability Essential
ASP.NET CVE-2023-36038 ASP.NET Core Denial of Service Vulnerability Essential
ASP.NET CVE-2023-36558 ASP.NET Core – Safety Function Bypass Vulnerability Essential
Azure CVE-2023-36052 Azure CLI REST Command Data Disclosure Vulnerability Important
Azure CVE-2023-38151 Microsoft Host Integration Server 2020 Distant Code Execution Vulnerability Essential
Azure CVE-2023-36021 Microsoft On-Prem Knowledge Gateway Safety Function Bypass Vulnerability Essential
Azure DevOps CVE-2023-36437 Azure DevOps Server Distant Code Execution Vulnerability Essential
Mariner CVE-2020-1747 Unknown Unknown
Mariner CVE-2023-46316 Unknown Unknown
Mariner CVE-2023-46753 Unknown Unknown
Mariner CVE-2020-8554 Unknown Unknown
Mariner CVE-2020-14343 Unknown Unknown
Microsoft Bluetooth Driver CVE-2023-24023 Mitre: CVE-2023-24023 Bluetooth Vulnerability Essential
Microsoft Dynamics CVE-2023-36016 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Essential
Microsoft Dynamics CVE-2023-36007 Microsoft Ship Buyer Voice survey from Dynamics 365 Spoofing Vulnerability Essential
Microsoft Dynamics CVE-2023-36031 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Essential
Microsoft Dynamics CVE-2023-36410 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Essential
Microsoft Dynamics 365 Gross sales CVE-2023-36030 Microsoft Dynamics 365 Gross sales Spoofing Vulnerability Essential
Microsoft Edge (Chromium-based) CVE-2023-36014 Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability Average
Microsoft Edge (Chromium-based) CVE-2023-5996 Chromium: CVE-2023-5996 Use after free in WebAudio Unknown
Microsoft Edge (Chromium-based) CVE-2023-36022 Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability Average
Microsoft Edge (Chromium-based) CVE-2023-36027 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Essential
Microsoft Edge (Chromium-based) CVE-2023-36029 Microsoft Edge (Chromium-based) Spoofing Vulnerability Average
Microsoft Edge (Chromium-based) CVE-2023-5480 Chromium: CVE-2023-5480 Inappropriate implementation in Funds Unknown
Microsoft Edge (Chromium-based) CVE-2023-5856 Chromium: CVE-2023-5856 Use after free in Facet Panel Unknown
Microsoft Edge (Chromium-based) CVE-2023-5855 Chromium: CVE-2023-5855 Use after free in Studying Mode Unknown
Microsoft Edge (Chromium-based) CVE-2023-5854 Chromium: CVE-2023-5854 Use after free in Profiles Unknown
Microsoft Edge (Chromium-based) CVE-2023-5859 Chromium: CVE-2023-5859 Incorrect safety UI in Image In Image Unknown
Microsoft Edge (Chromium-based) CVE-2023-5858 Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Supplier Unknown
Microsoft Edge (Chromium-based) CVE-2023-5857 Chromium: CVE-2023-5857 Inappropriate implementation in Downloads Unknown
Microsoft Edge (Chromium-based) CVE-2023-5850 Chromium: CVE-2023-5850 Incorrect safety UI in Downloads Unknown
Microsoft Edge (Chromium-based) CVE-2023-5849 Chromium: CVE-2023-5849 Integer overflow in USB Unknown
Microsoft Edge (Chromium-based) CVE-2023-5482 Chromium: CVE-2023-5482 Inadequate information validation in USB Unknown
Microsoft Edge (Chromium-based) CVE-2023-5853 Chromium: CVE-2023-5853 Incorrect safety UI in Downloads Unknown
Microsoft Edge (Chromium-based) CVE-2023-5852 Chromium: CVE-2023-5852 Use after free in Printing Unknown
Microsoft Edge (Chromium-based) CVE-2023-5851 Chromium: CVE-2023-5851 Inappropriate implementation in Downloads Unknown
Microsoft Edge (Chromium-based) CVE-2023-36024 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Essential
Microsoft Edge (Chromium-based) CVE-2023-36034 Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability Average
Microsoft Change Server CVE-2023-36439 Microsoft Change Server Distant Code Execution Vulnerability Essential
Microsoft Change Server CVE-2023-36050 Microsoft Change Server Spoofing Vulnerability Essential
Microsoft Change Server CVE-2023-36039 Microsoft Change Server Spoofing Vulnerability Essential
Microsoft Change Server CVE-2023-36035 Microsoft Change Server Spoofing Vulnerability Essential
Microsoft Workplace CVE-2023-36413 Microsoft Workplace Safety Function Bypass Vulnerability Essential
Microsoft Workplace CVE-2023-36045 Microsoft Workplace Graphics Distant Code Execution Vulnerability Essential
Microsoft Workplace Excel CVE-2023-36041 Microsoft Excel Distant Code Execution Vulnerability Essential
Microsoft Workplace Excel CVE-2023-36037 Microsoft Excel Safety Function Bypass Vulnerability Essential
Microsoft Workplace SharePoint CVE-2023-38177 Microsoft SharePoint Server Distant Code Execution Vulnerability Essential
Microsoft Distant Registry Service CVE-2023-36423 Microsoft Distant Registry Service Distant Code Execution Vulnerability Essential
Microsoft Distant Registry Service CVE-2023-36401 Microsoft Distant Registry Service Distant Code Execution Vulnerability Essential
Microsoft WDAC OLE DB supplier for SQL CVE-2023-36402 Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability Essential
Microsoft Home windows Search Element CVE-2023-36394 Home windows Search Service Elevation of Privilege Vulnerability Essential
Microsoft Home windows Speech CVE-2023-36719 Microsoft Speech Software Programming Interface (SAPI) Elevation of Privilege Vulnerability Essential
Open Administration Infrastructure CVE-2023-36043 Open Administration Infrastructure Data Disclosure Vulnerability Essential
Pill Home windows Person Interface CVE-2023-36393 Home windows Person Interface Software Core Distant Code Execution Vulnerability Essential
Visible Studio CVE-2023-36042 Visible Studio Denial of Service Vulnerability Essential
Visible Studio Code CVE-2023-36018 Visible Studio Code Jupyter Extension Spoofing Vulnerability Essential
Home windows Authentication Strategies CVE-2023-36047 Home windows Authentication Elevation of Privilege Vulnerability Essential
Home windows Authentication Strategies CVE-2023-36428 Microsoft Native Safety Authority Subsystem Service Data Disclosure Vulnerability Essential
Home windows Authentication Strategies CVE-2023-36046 Home windows Authentication Denial of Service Vulnerability Essential
Home windows Cloud Information Mini Filter Driver CVE-2023-36036 Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability Essential
Home windows Frequent Log File System Driver CVE-2023-36424 Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability Essential
Home windows Compressed Folder CVE-2023-36396 Home windows Compressed Folder Distant Code Execution Vulnerability Essential
Home windows Defender CVE-2023-36422 Microsoft Home windows Defender Elevation of Privilege Vulnerability Essential
Home windows Deployment Providers CVE-2023-36395 Home windows Deployment Providers Denial of Service Vulnerability Essential
Home windows DHCP Server CVE-2023-36392 DHCP Server Service Denial of Service Vulnerability Essential
Home windows Distributed File System (DFS) CVE-2023-36425 Home windows Distributed File System (DFS) Distant Code Execution Vulnerability Essential
Home windows DWM Core Library CVE-2023-36033 Home windows DWM Core Library Elevation of Privilege Vulnerability Essential
Home windows HMAC Key Derivation CVE-2023-36400 Home windows HMAC Key Derivation Elevation of Privilege Vulnerability Important
Home windows Hyper-V CVE-2023-36427 Home windows Hyper-V Elevation of Privilege Vulnerability Essential
Home windows Hyper-V CVE-2023-36407 Home windows Hyper-V Elevation of Privilege Vulnerability Essential
Home windows Hyper-V CVE-2023-36406 Home windows Hyper-V Data Disclosure Vulnerability Essential
Home windows Hyper-V CVE-2023-36408 Home windows Hyper-V Elevation of Privilege Vulnerability Essential
Home windows Installer CVE-2023-36705 Home windows Installer Elevation of Privilege Vulnerability Essential
Home windows Web Connection Sharing (ICS) CVE-2023-36397 Home windows Pragmatic Basic Multicast (PGM) Distant Code Execution Vulnerability Important
Home windows Kernel CVE-2023-36405 Home windows Kernel Elevation of Privilege Vulnerability Essential
Home windows Kernel CVE-2023-36404 Home windows Kernel Data Disclosure Vulnerability Essential
Home windows Kernel CVE-2023-36403 Home windows Kernel Elevation of Privilege Vulnerability Essential
Home windows NTFS CVE-2023-36398 Home windows NTFS Data Disclosure Vulnerability Essential
Home windows Protected EAP (PEAP) CVE-2023-36028 Microsoft Protected Extensible Authentication Protocol (PEAP) Distant Code Execution Vulnerability Essential
Home windows Scripting CVE-2023-36017 Home windows Scripting Engine Reminiscence Corruption Vulnerability Essential
Home windows SmartScreen CVE-2023-36025 Home windows SmartScreen Safety Function Bypass Vulnerability Essential
Home windows Storage CVE-2023-36399 Home windows Storage Elevation of Privilege Vulnerability Essential



Previous articleRetool’s State of AI Report Highlights the Rise of Vector Databases
Next articleAmazon has begun changing Android with its personal software program on some merchandise
admin_pf_2023http://porfectlife.com

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

Load more

About Us

porfectlife is your technology, nanotechnology, green technology and drones website. we provide you with the latest breaking news and videos straight from tech industry.

Copyright 2023 © porfectlife.com. All rights reserved.