5 New Zero-day Vulnerabilities Patched in the Microsoft Security Update
Microsoft has released their security patches as part of their Patch Tuesday for November 2023. Microsoft has patched nearly 58 flaws, including 5 zero-day vulnerabilities.
The vulnerabilities were associated with Privilege Escalation (16), Remote Code Execution (15), Spoofing (11), Security Feature Bypass (6), Information Disclosure (6), and Denial of Service (5).
Microsoft also republished 15 non-Microsoft CVEs, which exist in the Microsoft Bluetooth Driver and Microsoft Edge (Chromium-based), as mentioned in their release notes for November 2023.
Zero-Day Vulnerabilities
Microsoft marked three zero-day vulnerabilities as “Exploitation Detected” because threat actors exploited them in the wild.
CVE-2023-36036: Elevation of Privilege in Windows Cloud Files Mini Filter Driver
A threat actor could exploit this vulnerability to gain SYSTEM privileges and perform several malicious activities on the compromised system.
This vulnerability affected Microsoft Windows Server 2019, 32-bit Systems, x64-based Systems, ARM64-based Systems, Windows Server 2022, Windows 11 version 21H2, and many other Microsoft products.
The severity for this vulnerability has been given as 7.8 (High). However, there was no additional information about this vulnerability, such as how it was exploited or by which threat actor.
CVE-2023-36025: Security Feature Bypass in Multiple Windows Products
An unauthorized threat actor can exploit this vulnerability without requiring any access or settings. However, successful exploitation requires user interaction.
This vulnerability existed in multiple Microsoft products and was rated 8.8 (High). Microsoft provided no additional information about this zero-day vulnerability.
CVE-2023-36033: Elevation of Privilege in Windows DWM Core Library
This was another zero-day vulnerability mentioned by Microsoft that a threat actor could exploit. No user interaction is required, but the attacker needs basic user privileges.
This vulnerability was given a severity of 7.8 (High) and exists in many Microsoft products. Microsoft provided no additional information about this vulnerability.
Tag | CVE | Base Score | Exploitability | FAQs? | Workarounds? | Mitigations? |
Windows Protected EAP (PEAP) | CVE-2023-36028 | 9.8 | Exploitation Less Likely | Yes | No | Yes |
Windows Internet Connection Sharing (ICS) | CVE-2023-36397 | 9.8 | Exploitation Less Likely | Yes | No | Yes |
Windows Scripting | CVE-2023-36017 | 8.8 | Exploitation More Likely | Yes | No | No |
Windows SmartScreen | CVE-2023-36025 | 8.8 | Exploitation Detected | Yes | No | No |
Windows HMAC Key Derivation | CVE-2023-36400 | 8.8 | Exploitation Less Likely | Yes | No | No |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-36402 | 8.8 | Exploitation Less Likely | Yes | No | No |
Azure DevOps | CVE-2023-36437 | 8.8 | Exploitation Less Likely | Yes | No | No |
ASP.NET | CVE-2023-36560 | 8.8 | Exploitation Less Likely | Yes | No | No |
Azure | CVE-2023-38151 | 8.8 | Exploitation Less Likely | Yes | No | Yes |
Azure | CVE-2023-36052 | 8.6 | Exploitation Less Likely | Yes | No | No |
Microsoft Windows Speech | CVE-2023-36719 | 8.4 | Exploitation Less Likely | Yes | No | No |
ASP.NET | CVE-2023-36038 | 8.2 | Exploitation Less Likely | Yes | No | No |
Azure | CVE-2023-36021 | 8 | Exploitation Less Likely | Yes | No | No |
Microsoft Exchange Server | CVE-2023-36035 | 8 | Exploitation More Likely | Yes | No | No |
Microsoft Exchange Server | CVE-2023-36039 | 8 | Exploitation More Likely | Yes | No | No |
Microsoft Exchange Server | CVE-2023-36050 | 8 | Exploitation More Likely | Yes | No | No |
Windows Distributed File System (DFS) | CVE-2023-36425 | 8 | Exploitation Less Likely | Yes | No | No |
Microsoft Exchange Server | CVE-2023-36439 | 8 | Exploitation More Likely | Yes | No | No |
Visual Studio Code | CVE-2023-36018 | 7.8 | Exploitation Less Likely | Yes | No | No |
Windows DWM Core Library | CVE-2023-36033 | 7.8 | Exploitation Detected | Yes | No | No |
Windows Cloud Files Mini Filter Driver | CVE-2023-36036 | 7.8 | Exploitation Detected | Yes | No | No |
Microsoft Office Excel | CVE-2023-36037 | 7.8 | Exploitation Less Likely | Yes | No | No |
Microsoft Office Excel | CVE-2023-36041 | 7.8 | Exploitation Less Likely | Yes | No | No |
Microsoft Office | CVE-2023-36045 | 7.8 | Exploitation Less Likely | Yes | No | No |
Windows Authentication Methods | CVE-2023-36047 | 7.8 | Exploitation Less Likely | Yes | No | No |
Tablet Windows User Interface | CVE-2023-36393 | 7.8 | Exploitation Less Likely | Yes | No | No |
Windows Compressed Folder | CVE-2023-36396 | 7.8 | Exploitation Less Likely | Yes | No | No |
Windows Hyper-V | CVE-2023-36407 | 7.8 | Exploitation Less Likely | Yes | No | No |
Windows Hyper-V | CVE-2023-36408 | 7.8 | Exploitation Less Likely | Yes | No | No |
Windows Defender | CVE-2023-36422 | 7.8 | Exploitation Less Likely | Yes | No | No |
Windows Common Log File System Driver | CVE-2023-36424 | 7.8 | Exploitation More Likely | Yes | No | No |
Windows Installer | CVE-2023-36705 | 7.8 | Exploitation Less Likely | Yes | No | No |
Microsoft Dynamics | CVE-2023-36007 | 7.6 | Exploitation Less Likely | Yes | No | No |
Microsoft Dynamics | CVE-2023-36031 | 7.6 | Exploitation Less Likely | Yes | No | No |
.NET Framework | CVE-2023-36049 | 7.6 | Exploitation Less Likely | Yes | No | No |
Microsoft Dynamics | CVE-2023-36410 | 7.6 | Exploitation Less Likely | Yes | No | No |
Windows DHCP Server | CVE-2023-36392 | 7.5 | Exploitation Less Likely | No | No | No |
Windows Deployment Services | CVE-2023-36395 | 7.5 | Exploitation Less Likely | No | No | No |
Microsoft Edge (Chromium-based) | CVE-2023-36014 | 7.3 | Exploitation Less Likely | Yes | No | No |
Microsoft Edge (Chromium-based) | CVE-2023-36034 | 7.3 | Exploitation Less Likely | Yes | No | No |
Microsoft Remote Registry Service | CVE-2023-36401 | 7.2 | Exploitation Less Likely | Yes | No | No |
Microsoft Remote Registry Service | CVE-2023-36423 | 7.2 | Exploitation Less Likely | Yes | No | No |
Microsoft Edge (Chromium-based) | CVE-2023-36024 | 7.1 | Exploitation Less Likely | Yes | No | No |
Microsoft Edge (Chromium-based) | CVE-2023-36027 | 7.1 | Exploitation Less Likely | Yes | No | No |
Windows Authentication Methods | CVE-2023-36046 | 7.1 | Exploitation Less Likely | Yes | No | No |
Windows Storage | CVE-2023-36399 | 7.1 | Exploitation More Likely | Yes | No | No |
Microsoft Windows Search Component | CVE-2023-36394 | 7 | Exploitation More Likely | Yes | No | No |
Windows Kernel | CVE-2023-36403 | 7 | Exploitation Less Likely | Yes | No | No |
Windows Kernel | CVE-2023-36405 | 7 | Exploitation Less Likely | Yes | No | No |
Windows Hyper-V | CVE-2023-36427 | 7 | Exploitation Less Likely | Yes | No | No |
Microsoft Edge (Chromium-based) | CVE-2023-36022 | 6.6 | Exploitation Less Likely | Yes | No | No |
Open Management Infrastructure | CVE-2023-36043 | 6.5 | Exploitation Less Likely | Yes | No | No |
Windows NTFS | CVE-2023-36398 | 6.5 | Exploitation Less Likely | Yes | No | No |
Microsoft Office | CVE-2023-36413 | 6.5 | Exploitation More Likely | Yes | No | No |
Microsoft Dynamics | CVE-2023-36016 | 6.2 | Exploitation Less Likely | Yes | No | No |
Visual Studio | CVE-2023-36042 | 6.2 | Exploitation Less Likely | No | No | No |
ASP.NET | CVE-2023-36558 | 6.2 | Exploitation Less Likely | Yes | No | No |
Microsoft Dynamics 365 Sales | CVE-2023-36030 | 6.1 | Exploitation Less Likely | Yes | No | No |
Microsoft Office SharePoint | CVE-2023-38177 | 6.1 | Exploitation More Likely | Yes | No | No |
Windows Kernel | CVE-2023-36404 | 5.5 | Exploitation Less Likely | Yes | No | No |
Windows Hyper-V | CVE-2023-36406 | 5.5 | Exploitation Less Likely | Yes | No | No |
Windows Authentication Methods | CVE-2023-36428 | 5.5 | Exploitation Less Likely | Yes | No | No |
Microsoft Edge (Chromium-based) | CVE-2023-36029 | 4.3 | Exploitation Less Likely | Yes | No | No |