Microsoft Monthly Security Update (November 2023)

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Spoofing
 
AzureMedium Risk Medium RiskRemote Code Execution
Information Disclosure
Security Restriction Bypass
 
WindowsHigh Risk High RiskElevation of Privilege
Information Disclosure
Remote Code Execution
Denial of Service
Spoofing
Security Restriction Bypass

CVE-2023-36025 is being exploited in the wild. The vulnerability allows a malicious internet shortcut to bypass secuirty checks and warnings.

 

CVE-2023-36033 is being exploited in the wild. The vulnerability can be expoloited to gain SYSTEM privileges. 

 

CVE-2023-36036 is being exploited in the wild. The vulnerability can be exploited to gain SYSTEM privileges. 

 

Extended Security Updates (ESU)

High Risk High RiskElevation of Privilege
Information Disclosure
Remote Code Execution
Denial of Service
Security Restriction Bypass

CVE-2023-36025 is being exploited in the wild. The vulnerability allows a malicious internet shortcut to bypass secuirty checks and warnings.

 

CVE-2023-36033 is being exploited in the wild. The vulnerability can be expoloited to gain SYSTEM privileges. 

 

CVE-2023-36036 is being exploited in the wild. The vulnerability can be exploited to gain SYSTEM privileges. 

Developer ToolsMedium Risk Medium RiskSecurity Restriction Bypass
Elevation of Privilege
Denial of Service
Spoofing
 
System CenterMedium Risk Medium RiskElevation of Privilege
Information Disclosure
 
Microsoft OfficeMedium Risk Medium RiskSecurity Restriction Bypass
Remote Code Execution
 
Microsoft DynamicsLow Risk Low RiskSpoofing 
Exchange ServerMedium Risk Medium RiskRemote Code Execution
Spoofing
 
MarinerLow Risk Low RiskDenial of Service 

 

Number of ‘Extremely High Risk’ product(s): 0

Number of ‘High Risk’ product(s): 2

Number of ‘Medium Risk’ product(s): 6

Number of ‘Low Risk’ product(s): 2

Evaluation of overall ‘Risk Level’: High Risk

RISK: High Risk

TYPE: Operating Systems – Windows OS

TYPE: Windows OS

Impact

  • Remote Code Execution
  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Browser
  • Windows
  • Extended Security Updates (ESU)
  • Developer Tools
  • Azure
  • Microsoft Office
  • SQL Server
  • Microsoft Dynamics
  • Exchange Server
  • Mariner

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.