Microsoft Monthly Security Update (November 2023)
Microsoft has released monthly security update for their products:
Vulnerable Product | Risk Level | Impacts | Notes |
Browser | Remote Code Execution Elevation of Privilege Spoofing | ||
Azure | Remote Code Execution Information Disclosure Security Restriction Bypass | ||
Windows | Elevation of Privilege Information Disclosure Remote Code Execution Denial of Service Spoofing Security Restriction Bypass | CVE-2023-36025 is being exploited in the wild. The vulnerability allows a malicious internet shortcut to bypass secuirty checks and warnings.
CVE-2023-36033 is being exploited in the wild. The vulnerability can be expoloited to gain SYSTEM privileges.
CVE-2023-36036 is being exploited in the wild. The vulnerability can be exploited to gain SYSTEM privileges. | |
Extended Security Updates (ESU) | Elevation of Privilege Information Disclosure Remote Code Execution Denial of Service Security Restriction Bypass | CVE-2023-36025 is being exploited in the wild. The vulnerability allows a malicious internet shortcut to bypass secuirty checks and warnings.
CVE-2023-36033 is being exploited in the wild. The vulnerability can be expoloited to gain SYSTEM privileges.
CVE-2023-36036 is being exploited in the wild. The vulnerability can be exploited to gain SYSTEM privileges. | |
Developer Tools | Security Restriction Bypass Elevation of Privilege Denial of Service Spoofing | ||
System Center | Elevation of Privilege Information Disclosure | ||
Microsoft Office | Security Restriction Bypass Remote Code Execution | ||
Microsoft Dynamics | Spoofing | ||
Exchange Server | Remote Code Execution Spoofing | ||
Mariner | Denial of Service |
Number of ‘Extremely High Risk’ product(s): 0
Number of ‘High Risk’ product(s): 2
Number of ‘Medium Risk’ product(s): 6
Number of ‘Low Risk’ product(s): 2
Evaluation of overall ‘Risk Level’: High Risk
RISK: High Risk
TYPE: Operating Systems – Windows OS
Impact
- Remote Code Execution
- Denial of Service
- Elevation of Privilege
- Information Disclosure
- Security Restriction Bypass
- Spoofing
System / Technologies affected
- Browser
- Windows
- Extended Security Updates (ESU)
- Developer Tools
- Azure
- Microsoft Office
- SQL Server
- Microsoft Dynamics
- Exchange Server
- Mariner
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.