VERT Threat Alert: November 2023 Patch Tuesday Analysis


Today’s VERT Alert addresses Microsoft’s November 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1082 on Wednesday, November 15th.

In-The-Wild & Disclosed CVEs

CVE-2023-36033

A vulnerability in the Microsoft Desktop Window Manager (DWM) could allow an attacker to gain SYSTEM level privileges. This vulnerability has been publicly disclosed and has seen active exploitation. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2023-36025

Windows SmartScreen is the technology that displays a prompt with a blue background reading “Windows protected your PC” when a user runs a file downloaded from the Internet. This technology is vulnerable to a bypass when opening Internet Shortcuts (files with a ‘.URL’ extension). When a user clicks on these files, malicious software may successfully bypass the SmartScreen warning prompts. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2023-36036

Microsoft has fixed an actively exploited vulnerability in the Windows Cloud Files Mini Filter Driver which could allow an attacker to gain SYSTEM level privileges. Microsoft has reported this vulnerability as Exploitation Detected.

CVE-2023-36413

A publicly disclosed vulnerability in Microsoft Office could allow an attacker to send a user a malicious file that, when opened, would bypass Office Protected View (protected mode) and open in editing mode. A user would need to willingly open the file with the malicious content. Microsoft has reported this vulnerability as Exploitation More Likely.

CVE-2023-36038

Microsoft has resolved a publicly disclosed vulnerability that could lead to a denial of service in ASP.NET Core when processing canceled HTTP requests. According to Microsoft, this only impacts .NET 8 RC 1 running on IIS. Microsoft has reported this vulnerability as Exploitation Less Likely.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also color-coded to aid in identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted.

| Tag | CVE Count | CVEs |
|---|---|---|
| Windows Hyper-V | 4 | CVE-2023-36427, CVE-2023-36408, CVE-2023-36407, CVE-2023-36406 |
| Windows HMAC Key Derivation | 1 | CVE-2023-36400 |
| Tablet Windows User Interface | 1 | CVE-2023-36393 |
| Windows Compressed Folder | 1 | CVE-2023-36396 |
| Open Management Infrastructure | 1 | CVE-2023-36043 |
| Windows Installer | 1 | CVE-2023-36705 |
| Visual Studio | 1 | CVE-2023-36042 |
| Microsoft Dynamics | 4 | CVE-2023-36410, CVE-2023-36007, CVE-2023-36031, CVE-2023-36016 |
| Windows Protected EAP (PEAP) | 1 | CVE-2023-36028 |
| Microsoft Remote Registry Service | 2 | CVE-2023-36423, CVE-2023-36401 |
| Microsoft Office SharePoint | 1 | CVE-2023-38177 |
| Visual Studio Code | 1 | CVE-2023-36018 |
| Windows Cloud Files Mini Filter Driver | 1 | CVE-2023-36036 |
| Windows Deployment Services | 1 | CVE-2023-36395 |
| Windows Kernel | 3 | CVE-2023-36405, CVE-2023-36404, CVE-2023-36403 |
| Microsoft Bluetooth Driver | 1 | CVE-2023-24023 |
| Microsoft Windows Search Component | 1 | CVE-2023-36394 |
| Microsoft Exchange Server | 4 | CVE-2023-36439, CVE-2023-36050, CVE-2023-36039, CVE-2023-36035 |
| Microsoft Office | 2 | CVE-2023-36413, CVE-2023-36045 |
| Windows DWM Core Library | 1 | CVE-2023-36033 |
| Windows Defender | 1 | CVE-2023-36422 |
| Microsoft Dynamics 365 Sales | 1 | CVE-2023-36030 |
| Windows Internet Connection Sharing (ICS) | 1 | CVE-2023-36397 |
| Windows SmartScreen | 1 | CVE-2023-36025 |
| Windows Scripting | 1 | CVE-2023-36017 |
| Microsoft WDAC OLE DB provider for SQL | 1 | CVE-2023-36402 |
| .NET Framework | 1 | CVE-2023-36049 |
| Microsoft Windows Speech | 1 | CVE-2023-36719 |
| Azure | 3 | CVE-2023-38151, CVE-2023-36052, CVE-2023-36021 |
| Windows Authentication Methods | 3 | CVE-2023-36428, CVE-2023-36046, CVE-2023-36047 |
| Mariner | 5 | CVE-2020-8554, CVE-2023-46753, CVE-2023-46316, CVE-2020-14343, CVE-2020-1747 |
| ASP.NET | 3 | CVE-2023-36560, CVE-2023-36558, CVE-2023-36038 |
| Windows DHCP Server | 1 | CVE-2023-36392 |
| Windows Storage | 1 | CVE-2023-36399 |
| Microsoft Edge (Chromium-based) | 20 | CVE-2023-5996, CVE-2023-36034, CVE-2023-36024, CVE-2023-36029, CVE-2023-36022, CVE-2023-36027, CVE-2023-36014, CVE-2023-5480, CVE-2023-5482, CVE-2023-5849, CVE-2023-5850, CVE-2023-5851, CVE-2023-5852, CVE-2023-5853, CVE-2023-5854, CVE-2023-5855, CVE-2023-5856, CVE-2023-5857, CVE-2023-5858, CVE-2023-5859 |
| Microsoft Office Excel | 2 | CVE-2023-36041, CVE-2023-36037 |
| Azure DevOps | 1 | CVE-2023-36437 |
| Windows NTFS | 1 | CVE-2023-36398 |
| Windows Common Log File System Driver | 1 | CVE-2023-36424 |
| Windows Distributed File System (DFS) | 1 | CVE-2023-36425 |

Other Information

At the time of publication, there were no new advisories included with the November Security Guidance.


