Take action: This time it's not just about patching your Windows PC. Take the time to read through the advisory, since the vulnerable products are software library, drivers, office and other products. Plan for fast patching of the zero-day exploited issues. For the others, a standard patching discipline is prudent.

---

Learn More

Microsoft's Patch Tuesday for November 2023 addresses a total of 58 security vulnerabilities, including 5 zero-day flaws, with updates spanning across various Microsoft products.

In the latest update, Microsoft addressed three zero-day vulnerabilities that were being actively exploited:

1. CVE-2023-36036 This vulnerability in the Windows Cloud Files Mini Filter Driver, where an attacker could potentially elevate their privileges to SYSTEM level. While the exact usage of this flaw in cyberattacks is unclear, it was identified by Microsoft's internal security teams.
2. CVE-2023-36033 elevation of privilege issue in the Windows DWM Core Library. This vulnerability, which had been both actively exploited and publicly disclosed, could allow an attacker to also gain SYSTEM privileges.
3. CVE-2023-36025, A security feature bypass in Windows SmartScreen which allowed a malicious Internet Shortcut to circumvent security prompts. This flaw required user interaction, as clicking on a compromised Internet Shortcut would trigger the bypass.
4. CVE-2023-36413, a Microsoft Office security feature bypass, suspected of being exploited but with no evidence.
5. CVE-2023-36038 'an ASP.NET Core denial of service vulnerability, suspected of being exploited but with no evidence.

The November updates for Microsoft coveres a wide array of products beyond the Windows operating system, including server products, Microsoft Edge, and Microsoft Office. Microsoft also released a series of .NET updates, addressing vulnerabilities in various versions.

The affected areas included Azure, Windows Internet Connection Sharing, and Hyper-V, with the latter having the potential to allow code execution on the host system.

Tag	CVE ID	CVE Title	Severity
.NET Framework	CVE-2023-36049	.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability	Important
ASP.NET	CVE-2023-36560	ASP.NET Security Feature Bypass Vulnerability	Important
ASP.NET	CVE-2023-36038	ASP.NET Core Denial of Service Vulnerability	Important
ASP.NET	CVE-2023-36558	ASP.NET Core - Security Feature Bypass Vulnerability	Important
Azure	CVE-2023-36052	Azure CLI REST Command Information Disclosure Vulnerability	Critical
Azure	CVE-2023-38151	Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability	Important
Azure	CVE-2023-36021	Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability	Important
Azure DevOps	CVE-2023-36437	Azure DevOps Server Remote Code Execution Vulnerability	Important
Mariner	CVE-2020-1747	Unknown	Unknown
Mariner	CVE-2023-46316	Unknown	Unknown
Mariner	CVE-2023-46753	Unknown	Unknown
Mariner	CVE-2020-8554	Unknown	Unknown
Mariner	CVE-2020-14343	Unknown	Unknown
Microsoft Bluetooth Driver	CVE-2023-24023	Mitre: CVE-2023-24023 Bluetooth Vulnerability	Important
Microsoft Dynamics	CVE-2023-36016	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2023-36007	Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability	Important
Microsoft Dynamics	CVE-2023-36031	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2023-36410	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Important
Microsoft Dynamics 365 Sales	CVE-2023-36030	Microsoft Dynamics 365 Sales Spoofing Vulnerability	Important
Microsoft Edge (Chromium-based)	CVE-2023-36014	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	Moderate
Microsoft Edge (Chromium-based)	CVE-2023-5996	Chromium: CVE-2023-5996 Use after free in WebAudio	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-36022	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	Moderate
Microsoft Edge (Chromium-based)	CVE-2023-36027	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Important
Microsoft Edge (Chromium-based)	CVE-2023-36029	Microsoft Edge (Chromium-based) Spoofing Vulnerability	Moderate
Microsoft Edge (Chromium-based)	CVE-2023-5480	Chromium: CVE-2023-5480 Inappropriate implementation in Payments	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5856	Chromium: CVE-2023-5856 Use after free in Side Panel	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5855	Chromium: CVE-2023-5855 Use after free in Reading Mode	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5854	Chromium: CVE-2023-5854 Use after free in Profiles	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5859	Chromium: CVE-2023-5859 Incorrect security UI in Picture In Picture	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5858	Chromium: CVE-2023-5858 Inappropriate implementation in WebApp Provider	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5857	Chromium: CVE-2023-5857 Inappropriate implementation in Downloads	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5850	Chromium: CVE-2023-5850 Incorrect security UI in Downloads	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5849	Chromium: CVE-2023-5849 Integer overflow in USB	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5482	Chromium: CVE-2023-5482 Insufficient data validation in USB	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5853	Chromium: CVE-2023-5853 Incorrect security UI in Downloads	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5852	Chromium: CVE-2023-5852 Use after free in Printing	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-5851	Chromium: CVE-2023-5851 Inappropriate implementation in Downloads	Unknown
Microsoft Edge (Chromium-based)	CVE-2023-36024	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	Important
Microsoft Edge (Chromium-based)	CVE-2023-36034	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	Moderate
Microsoft Exchange Server	CVE-2023-36439	Microsoft Exchange Server Remote Code Execution Vulnerability	Important
Microsoft Exchange Server	CVE-2023-36050	Microsoft Exchange Server Spoofing Vulnerability	Important
Microsoft Exchange Server	CVE-2023-36039	Microsoft Exchange Server Spoofing Vulnerability	Important
Microsoft Exchange Server	CVE-2023-36035	Microsoft Exchange Server Spoofing Vulnerability	Important
Microsoft Office	CVE-2023-36413	Microsoft Office Security Feature Bypass Vulnerability	Important
Microsoft Office	CVE-2023-36045	Microsoft Office Graphics Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2023-36041	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office Excel	CVE-2023-36037	Microsoft Excel Security Feature Bypass Vulnerability	Important
Microsoft Office SharePoint	CVE-2023-38177	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important
Microsoft Remote Registry Service	CVE-2023-36423	Microsoft Remote Registry Service Remote Code Execution Vulnerability	Important
Microsoft Remote Registry Service	CVE-2023-36401	Microsoft Remote Registry Service Remote Code Execution Vulnerability	Important
Microsoft WDAC OLE DB provider for SQL	CVE-2023-36402	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	Important
Microsoft Windows Search Component	CVE-2023-36394	Windows Search Service Elevation of Privilege Vulnerability	Important
Microsoft Windows Speech	CVE-2023-36719	Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability	Important
Open Management Infrastructure	CVE-2023-36043	Open Management Infrastructure Information Disclosure Vulnerability	Important
Tablet Windows User Interface	CVE-2023-36393	Windows User Interface Application Core Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2023-36042	Visual Studio Denial of Service Vulnerability	Important
Visual Studio Code	CVE-2023-36018	Visual Studio Code Jupyter Extension Spoofing Vulnerability	Important
Windows Authentication Methods	CVE-2023-36047	Windows Authentication Elevation of Privilege Vulnerability	Important
Windows Authentication Methods	CVE-2023-36428	Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability	Important
Windows Authentication Methods	CVE-2023-36046	Windows Authentication Denial of Service Vulnerability	Important
Windows Cloud Files Mini Filter Driver	CVE-2023-36036	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Important
Windows Common Log File System Driver	CVE-2023-36424	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Important
Windows Compressed Folder	CVE-2023-36396	Windows Compressed Folder Remote Code Execution Vulnerability	Important
Windows Defender	CVE-2023-36422	Microsoft Windows Defender Elevation of Privilege Vulnerability	Important
Windows Deployment Services	CVE-2023-36395	Windows Deployment Services Denial of Service Vulnerability	Important
Windows DHCP Server	CVE-2023-36392	DHCP Server Service Denial of Service Vulnerability	Important
Windows Distributed File System (DFS)	CVE-2023-36425	Windows Distributed File System (DFS) Remote Code Execution Vulnerability	Important
Windows DWM Core Library	CVE-2023-36033	Windows DWM Core Library Elevation of Privilege Vulnerability	Important
Windows HMAC Key Derivation	CVE-2023-36400	Windows HMAC Key Derivation Elevation of Privilege Vulnerability	Critical
Windows Hyper-V	CVE-2023-36427	Windows Hyper-V Elevation of Privilege Vulnerability	Important
Windows Hyper-V	CVE-2023-36407	Windows Hyper-V Elevation of Privilege Vulnerability	Important
Windows Hyper-V	CVE-2023-36406	Windows Hyper-V Information Disclosure Vulnerability	Important
Windows Hyper-V	CVE-2023-36408	Windows Hyper-V Elevation of Privilege Vulnerability	Important
Windows Installer	CVE-2023-36705	Windows Installer Elevation of Privilege Vulnerability	Important
Windows Internet Connection Sharing (ICS)	CVE-2023-36397	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability	Critical
Windows Kernel	CVE-2023-36405	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2023-36404	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2023-36403	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows NTFS	CVE-2023-36398	Windows NTFS Information Disclosure Vulnerability	Important
Windows Protected EAP (PEAP)	CVE-2023-36028	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability	Important
Windows Scripting	CVE-2023-36017	Windows Scripting Engine Memory Corruption Vulnerability	Important
Windows SmartScreen	CVE-2023-36025	Windows SmartScreen Security Feature Bypass Vulnerability	Important
Windows Storage	CVE-2023-36399	Windows Storage Elevation of Privilege Vulnerability	Important