VERT Threat Alert: November 2023 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s November 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1082 on Wednesday, November 15th.
In-The-Wild & Disclosed CVEs
A vulnerability in the Microsoft Desktop Window Manager (DWM) could allow an attacker to gain SYSTEM level privileges. This vulnerability has been publicly disclosed and seen active exploitation. Microsoft has reported this vulnerability as Exploitation Detected.
Windows SmartScreen is the technology that displays a blue prompt reading “Windows protected your PC” when a user runs a file downloaded from the Internet. This technology is vulnerable to a bypass when opening Internet Shortcuts (files with a ‘.URL’ extension). When a user clicks on these files, malicious software may successfully bypass the SmartScreen warning prompts. Microsoft has reported this vulnerability as Exploitation Detected.
Microsoft has fixed an actively exploited vulnerability in the Windows Cloud Files Mini Filter Driver which could allow an attacker to gain SYSTEM level privileges. Microsoft has reported this vulnerability as Exploitation Detected.
A publicly disclosed vulnerability in Microsoft Office could allow an attacker to send a user a malicious file that, when opened, would bypass Office Protected View (protected mode) and open in editing mode. A user would need to willingly open the file with the malicious content. Microsoft has reported this vulnerability as Exploitation More Likely.
Microsoft has resolved a publicly disclosed vulnerability that could lead to a denial of service in ASP.NET Core when processing canceled HTTP requests. According to Microsoft, this only impacts .NET 8 RC 1 running on IIS. Microsoft has reported this vulnerability as Exploitation Less Likely.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also color-coded to aid in identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows Hyper-V | 4 | CVE-2023-36427, CVE-2023-36408, CVE-2023-36407, CVE-2023-36406 |
| Windows HMAC Key Derivation | 1 | CVE-2023-36400 |
| Tablet Windows User Interface | 1 | CVE-2023-36393 |
| Windows Compressed Folder | 1 | CVE-2023-36396 |
| Open Management Infrastructure | 1 | CVE-2023-36043 |
| Windows Installer | 1 | CVE-2023-36705 |
| Visual Studio | 1 | CVE-2023-36042 |
| Microsoft Dynamics | 4 | CVE-2023-36410, CVE-2023-36007, CVE-2023-36031, CVE-2023-36016 |
| Windows Protected EAP (PEAP) | 1 | CVE-2023-36028 |
| Microsoft Remote Registry Service | 2 | CVE-2023-36423, CVE-2023-36401 |
| Microsoft Office SharePoint | 1 | CVE-2023-38177 |
| Visual Studio Code | 1 | CVE-2023-36018 |
| Windows Cloud Files Mini Filter Driver | 1 | CVE-2023-36036 |
| Windows Deployment Services | 1 | CVE-2023-36395 |
| Windows Kernel | 3 | CVE-2023-36405, CVE-2023-36404, CVE-2023-36403 |
| Microsoft Bluetooth Driver | 1 | CVE-2023-24023 |
| Microsoft Windows Search Component | 1 | CVE-2023-36394 |
| Microsoft Exchange Server | 4 | CVE-2023-36439, CVE-2023-36050, CVE-2023-36039, CVE-2023-36035 |
| Microsoft Office | 2 | CVE-2023-36413, CVE-2023-36045 |
| Windows DWM Core Library | 1 | CVE-2023-36033 |
| Windows Defender | 1 | CVE-2023-36422 |
| Microsoft Dynamics 365 Sales | 1 | CVE-2023-36030 |
| Windows Internet Connection Sharing (ICS) | 1 | CVE-2023-36397 |
| Windows SmartScreen | 1 | CVE-2023-36025 |
| Windows Scripting | 1 | CVE-2023-36017 |
| Microsoft WDAC OLE DB provider for SQL | 1 | CVE-2023-36402 |
| .NET Framework | 1 | CVE-2023-36049 |
| Microsoft Windows Speech | 1 | CVE-2023-36719 |
| Azure | 3 | CVE-2023-38151, CVE-2023-36052, CVE-2023-36021 |
| Windows Authentication Methods | 3 | CVE-2023-36428, CVE-2023-36046, CVE-2023-36047 |
| Mariner | 5 | CVE-2020-8554, CVE-2023-46753, CVE-2023-46316, CVE-2020-14343, CVE-2020-1747 |
| ASP.NET | 3 | CVE-2023-36560, CVE-2023-36558, CVE-2023-36038 |
| Windows DHCP Server | 1 | CVE-2023-36392 |
| Windows Storage | 1 | CVE-2023-36399 |
| Microsoft Edge (Chromium-based) | 20 | CVE-2023-5996, CVE-2023-36034, CVE-2023-36024, CVE-2023-36029, CVE-2023-36022, CVE-2023-36027, CVE-2023-36014, CVE-2023-5480, CVE-2023-5482, CVE-2023-5849, CVE-2023-5850, CVE-2023-5851, CVE-2023-5852, CVE-2023-5853, CVE-2023-5854, CVE-2023-5855, CVE-2023-5856, CVE-2023-5857, CVE-2023-5858, CVE-2023-5859 |
| Microsoft Office Excel | 2 | CVE-2023-36041, CVE-2023-36037 |
| Azure DevOps | 1 | CVE-2023-36437 |
| Windows NTFS | 1 | CVE-2023-36398 |
| Windows Common Log File System Driver | 1 | CVE-2023-36424 |
| Windows Distributed File System (DFS) | 1 | CVE-2023-36425 |
Other Information
At the time of publication, there were no new advisories included with the November Security Guidance.