Microsoft Security Bulletin Coverage for November 2023

Overview

Microsoft’s November 2023 Patch Tuesday release addresses 57 vulnerabilities, 15 of which are remote code execution vulnerabilities. The vulnerabilities can be classified into the following categories:

  • 17 Elevation of Privilege Vulnerabilities
  • 5 Security Feature Bypass Vulnerabilities
  • 15 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 9 Spoofing Vulnerabilities

Figure 1: A pie chart breaking down the vulnerabilities by category.

The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2023 and has produced coverage for six of the reported vulnerabilities.

Vulnerabilities with Detections

CVE-2023-36033   Windows DWM Core Library Elevation of Privilege Vulnerability
ASPY 505 Exploit-exe exe.MP_351
CVE-2023-36036   Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
ASPY 506 Exploit-exe exe.MP_352
CVE-2023-36394   Windows Search Service Elevation of Privilege Vulnerability
ASPY 504 Exploit-exe exe.MP_350
CVE-2023-36399   Windows Storage Elevation of Privilege Vulnerability
ASPY 503 Exploit-exe exe.MP_349
CVE-2023-36413   Microsoft Office Security Feature Bypass Vulnerability
ASPY 507 Malformed-docx docx.MP_10
CVE-2023-36424   Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 502 Exploit-exe exe.MP_348

Remote Code Execution Vulnerabilities

CVE-2023-36017   Windows Scripting Engine Memory Corruption Vulnerability
CVE-2023-36028   Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVE-2023-36041   Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36045   Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2023-36393   Windows User Interface Application Core Remote Code Execution Vulnerability
CVE-2023-36396   Windows Compressed Folder Remote Code Execution Vulnerability
CVE-2023-36397   Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-36401   Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVE-2023-36402   Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36423   Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVE-2023-36425   Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVE-2023-36437   Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-36439   Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38151   Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability
CVE-2023-38177   Microsoft SharePoint Server Remote Code Execution Vulnerability

Elevation of Privilege Vulnerabilities

CVE-2023-36033   Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2023-36036   Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36047   Windows Authentication Elevation of Privilege Vulnerability
CVE-2023-36049   .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36394   Windows Search Service Elevation of Privilege Vulnerability
CVE-2023-36399   Windows Storage Elevation of Privilege Vulnerability
CVE-2023-36400   Windows HMAC Key Derivation Elevation of Privilege Vulnerability
CVE-2023-36403   Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36405   Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36407   Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36408   Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36422   Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-36424   Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36427   Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36558   ASP.NET Core – Security Feature Bypass Vulnerability
CVE-2023-36705   Windows Installer Elevation of Privilege Vulnerability
CVE-2023-36719   Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

Denial of Service Vulnerabilities

CVE-2023-36038   ASP.NET Core Denial of Service Vulnerability
CVE-2023-36042   Visual Studio Denial of Service Vulnerability
CVE-2023-36046   Windows Authentication Denial of Service Vulnerability
CVE-2023-36392   DHCP Server Service Denial of Service Vulnerability
CVE-2023-36395   Windows Deployment Services Denial of Service Vulnerability

Information Disclosure Vulnerabilities

CVE-2023-36043   Open Management Infrastructure Information Disclosure Vulnerability
CVE-2023-36052   Azure CLI REST Command Information Disclosure Vulnerability
CVE-2023-36398   Windows NTFS Information Disclosure Vulnerability
CVE-2023-36404   Windows Kernel Information Disclosure Vulnerability
CVE-2023-36406   Windows Hyper-V Information Disclosure Vulnerability
CVE-2023-36428   Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability

Security Feature Bypass Vulnerabilities

CVE-2023-36021   Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability
CVE-2023-36025   Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36037   Microsoft Excel Security Feature Bypass Vulnerability
CVE-2023-36413   Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-36560   ASP.NET Security Feature Bypass Vulnerability

Spoofing Vulnerabilities

CVE-2023-36007   Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability
CVE-2023-36016   Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-36018   Visual Studio Code Jupyter Extension Spoofing Vulnerability
CVE-2023-36030   Microsoft Dynamics 365 Sales Spoofing Vulnerability
CVE-2023-36031   Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-36035   Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36039   Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36050   Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36410   Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.