Microsoft Patch Tuesday – November 2023

This month, Microsoft released patches addressing 78 CVEs, including 3 zero-days, 2 publicly disclosed vulnerabilities and 3 rated Critical. Let’s briefly review them!

CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability

The first zero-day looks more like a bypass than a privilege escalation. An attacker can bypass Windows Defender SmartScreen checks and other prompts. This bug is likely being used in conjunction with an exploit that SmartScreen would normally stop, so the likely scenario is a phishing campaign that evades the user prompts that would otherwise block it.

CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability

The second zero-day allows a privilege escalation through the Desktop Window Manager (DWM). An attacker who exploits it can gain SYSTEM privileges. No other details are known yet.

CVE-2023-36036 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

The last zero-day is another privilege escalation bug, and like the previous one, exploitation leads to SYSTEM privileges. This driver is used for managing and facilitating the operations of cloud-stored files. It’s loaded by default on just about every version of Windows, so it provides a broad attack surface.

CVE-2023-36397 – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

This Critical bug, rated CVSS 9.8, allows a remote, unauthenticated attacker to execute code with elevated privileges without user interaction. If you have the Windows Message Queuing service running in a PGM server environment, you are affected. Test and apply ASAP.

CVE-2023-36400 – Windows HMAC Key Derivation Elevation of Privilege Vulnerability

The other Critical-rated patch is a privilege escalation in the Windows Hash-based Message Authentication Code (HMAC) key derivation that could allow a guest on Hyper-V to execute code on the underlying host OS. Fortunately, this is a local-only attack. However, if one guest can take over the host, it could do anything it wanted to the other guest OSes on that server.

CVE-2023-36052 – Azure CLI REST Command Information Disclosure Vulnerability

Information disclosure vulnerabilities rarely get a Critical rating, but with this one an attacker could recover plaintext usernames and passwords from log files created by the affected CLI commands and published by Azure DevOps and/or GitHub Actions. If you use the affected CLI commands, you must update the Azure CLI to version 2.53.1 or above to be protected against this vulnerability.
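Two of the advisories above come with a concrete exposure condition: CVE-2023-36397 only matters on hosts where the Message Queuing service is enabled, and CVE-2023-36052 is fixed from Azure CLI 2.53.1 onward. The following script is an added triage example, not code from the original post or from Microsoft; it parses the output of `sc query MSMQ` and `az version -o json`, with the sample outputs embedded below constructed for offline use. The version floor comes from the advisory; the service-state rule (installed means exposed, running or not) is a conservative assumption of this example.

```python
"""Exposure triage for two November 2023 advisories (added example, not the post's own code).

  * CVE-2023-36397 (PGM RCE): the Windows Message Queuing service (MSMQ) must be
    enabled for a host to be exploitable, so we read its state from `sc query MSMQ`.
  * CVE-2023-36052 (Azure CLI info disclosure): fixed in Azure CLI 2.53.1, so we
    compare the installed version numerically (not as a string) against that floor.
"""
import json
import re
import shutil
import subprocess

MIN_AZ_CLI = "2.53.1"  # first fixed Azure CLI release, per the advisory

# --- constructed sample outputs (the shape the real commands print) -----------
SC_RUNNING = """
SERVICE_NAME: MSMQ
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SC_MISSING = """
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.
"""
AZ_VERSION_JSON = '{"azure-cli": "2.53.0", "azure-cli-core": "2.53.0", "extensions": {}}'


def msmq_state(sc_output: str) -> str:
    """Reduce `sc query MSMQ` text to RUNNING / STOPPED / NOT_INSTALLED / UNKNOWN."""
    if "FAILED 1060" in sc_output:  # 1060 = ERROR_SERVICE_DOES_NOT_EXIST
        return "NOT_INSTALLED"
    m = re.search(r"^\s*STATE\s*:\s*\d+\s+([A-Z_]+)", sc_output, re.MULTILINE)
    if not m:
        return "UNKNOWN"
    return "RUNNING" if m.group(1) == "RUNNING" else "STOPPED"


def pgm_exposed(sc_output: str) -> bool:
    """Assumption of this example: an installed MSMQ service counts as exposed to
    CVE-2023-36397 whether it is running or merely stopped, since it can be started."""
    return msmq_state(sc_output) in ("RUNNING", "STOPPED")


def parse_version(v: str) -> tuple:
    """'2.53.1' -> (2, 53, 1); a suffix such as '2.53.1b1' keeps only its leading digits."""
    parts = []
    for piece in v.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def azure_cli_vulnerable(az_version_json: str, minimum: str = MIN_AZ_CLI) -> bool:
    """True when the 'azure-cli' entry of `az version -o json` is below the fixed release.
    Tuple comparison avoids the classic string-compare bug ('2.53.10' < '2.53.1')."""
    installed = json.loads(az_version_json)["azure-cli"]
    return parse_version(installed) < parse_version(minimum)


def run_live_checks() -> dict:
    """Run the real commands where they exist; otherwise fall back to the samples above."""
    results = {}
    if shutil.which("sc"):
        sc_out = subprocess.run(["sc", "query", "MSMQ"], capture_output=True, text=True).stdout
    else:
        sc_out = SC_MISSING
    results["msmq_state"] = msmq_state(sc_out)
    results["pgm_exposed"] = pgm_exposed(sc_out)
    if shutil.which("az"):
        az_out = subprocess.run(["az", "version", "-o", "json"], capture_output=True, text=True).stdout
    else:
        az_out = AZ_VERSION_JSON
    results["azure_cli_vulnerable"] = azure_cli_vulnerable(az_out)
    return results


if __name__ == "__main__":
    for name, value in run_live_checks().items():
        print(f"{name}: {value}")
```

Run it on a Windows host (for the MSMQ check) or a build agent with the Azure CLI installed; a `pgm_exposed` of True or an `azure_cli_vulnerable` of True means that host belongs at the front of the patch queue.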

Summary

Below you can see the most important CVEs released by Microsoft in November 2023. Besides the vulnerabilities already mentioned, please pay particular attention to the Exchange bugs: installing the patch isn’t enough, and the post-install steps to enable the Serialized Data Signing feature are also needed.

| CVE Number | CVE Title | Severity (CVSS score) | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Exploit Code Maturity | Applicable for |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36025 | Windows SmartScreen Security Feature Bypass Vulnerability | Important (8.8) | Network | Low | None | Required | Exploited | Windows 10+; Windows Server 2008+ |
| CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important (7.8) | Local | Low | Low | Required | Exploited | Windows 10+; Windows Server 2019+ |
| CVE-2023-36036 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important (7.8) | Local | Low | Low | None | Exploited | Windows 10+; Windows Server 2008+ |
| CVE-2023-36038 | ASP.NET Core Denial of Service Vulnerability | Important (8.2) | Network | Low | None | None | Publicly disclosed | ASP.NET Core 8.0 & .NET 8.0; Microsoft Visual Studio 2022 17.7- |
| CVE-2023-36413 | Microsoft Office Security Feature Bypass Vulnerability | Important (6.5) | Network | Low | None | Required | Publicly disclosed | Office 2016; Office 2019; Office LTSC 2021; Microsoft 365 Apps |
| CVE-2023-36397 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical (9.8) | Network | Low | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-36400 | Windows HMAC Key Derivation Elevation of Privilege Vulnerability | Critical (8.8) | Local | Low | Low | None | Unproven | Windows 10+; Windows Server 2016+ |
| CVE-2023-36052 | Azure CLI REST Command Information Disclosure Vulnerability | Critical (8.6) | Network | Low | None | None | Unproven | Azure CLI |
| CVE-2023-36028 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Important (9.8) | Network | Low | None | None | Unproven | Windows 10+; Windows Server 2016+ |
| CVE-2023-36560 | ASP.NET Security Feature Bypass Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | .NET Framework 3.5 / 4.8 / 4.8.1 on Windows Server 2022 / Windows 11; .NET Framework 3.5 / 4.7.2 / 4.8 on Windows Server 2019; .NET Framework 3.5 / 4.6.2 / 4.7 / 4.7.1 / 4.7.2 / 4.8 on Windows Server 2012 / 2012 R2 / 2016; .NET Framework 3.5.1 / 4.6.2 / 4.7 / 4.7.1 / 4.7.2 / 4.8 on Windows Server 2008 R2; .NET Framework 2.0 SP2 / 3.0 SP2 / 4.6.2 on Windows Server 2008; .NET Framework 3.5 / 4.6 / 4.6.2 / 4.7.2 / 4.8 / 4.8.1 on Windows 10 |
| CVE-2023-36437 | Azure DevOps Server Remote Code Execution Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | Azure Pipelines Agent |
| CVE-2023-38151 | Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | Host Integration Server 2020; Microsoft OLE DB Provider for DB2 V7 |
| CVE-2023-36402 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-36017 | Windows Scripting Engine Memory Corruption Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | Windows 10+; Windows Server 2008 R2+ |
| CVE-2023-36719 | Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | Important (8.4) | Local | Low | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-36425 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important (8.0) | Network | High | High | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-36439 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important (8.0) | Adjacent | Low | Low | None | Unproven | Exchange 2016 CU23; Exchange 2019 CU12+ |
| CVE-2023-36035 | Microsoft Exchange Server Spoofing Vulnerability | Important (8.0) | Adjacent | Low | Low | None | Unproven | Exchange 2016 CU23; Exchange 2019 CU12+ |
| CVE-2023-36039 | Microsoft Exchange Server Spoofing Vulnerability | Important (8.0) | Adjacent | Low | Low | None | Unproven | Exchange 2016 CU23; Exchange 2019 CU12+ |
| CVE-2023-36050 | Microsoft Exchange Server Spoofing Vulnerability | Important (8.0) | Adjacent | Low | Low | None | Unproven | Exchange 2016 CU23; Exchange 2019 CU12+ |
| CVE-2023-36021 | Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | Important (8.0) | Network | Low | Low | Required | Unproven | On-Prem Data Gateway |
