5 New Zero-day Vulnerabilities Patched in the Microsoft Security Update

Microsoft has released their security patches as part of their Patch Tuesday for November 2023. Microsoft has patched nearly 58 flaws, including 5 zero-day vulnerabilities.

The vulnerabilities were associated with Privilege Escalation (16), Remote code execution (15), Spoofing (11), Security Feature Bypass (6), Information Disclosure (6), and Denial of Service (5).

Microsoft also republished 15 non-Microsoft CVEs, which existent on Microsoft Bluetooth Driver and Microsoft Edge (Chromium-based) as mentioned in their release notes of November 2023.

Zero-Day Vulnerabilities

Microsoft mentioned three zero-day vulnerabilities as “Exploited Detected” as threat actors exploited them in the wild. 

CVE-2023-36036 – Elevation of Privilege in Windows Cloud Files Mini Filter Driver

A threat actor could exploit this vulnerability and gain SYSTEM privilege to perform several malicious activities on the compromised system.

This vulnerability affected Microsoft Windows Server 2019, 32-bit Systems, x64-based Systems, ARM64-based Systems, Windows Server 2022, Windows 11 version 21H2, and many other Microsoft Products.

The severity for this vulnerability has been given as 7.8 (High). However, there was no additional information about this vulnerability, such as how it was exploited or by which threat actor.

CVE-2023-36025: Security Feature Bypass in Multiple Windows Products

This vulnerability can be exploited by an unauthorized threat actor who does not require any access or settings for attacking. However, to successfully exploit this vulnerability, a user interaction is required.

This vulnerability existed in multiple Microsoft products and was rated 8.8 (High). Microsoft provided no additional information about this zero-day vulnerability.

CVE-2023-36033: Elevation of Privilege in Windows DWM Core Library

This was another zero-day vulnerability mentioned by Microsoft, which a threat actor could exploit. However, no user interaction is required to exploit this vulnerability, but a basic user privilege is required to exploit this vulnerability.

This vulnerability was given a severity of 7.8 (High) and is found to exist on many Microsoft products. Microsoft provided no other additional information about this vulnerability.

TagCVEBase ScoreExploitabilityFAQs?Workarounds?Mitigations?
Windows Protected EAP (PEAP)CVE-2023-360289.8Exploitation Less LikelyYesNoYes
Windows Internet Connection Sharing (ICS)CVE-2023-363979.8Exploitation Less LikelyYesNoYes
Windows ScriptingCVE-2023-360178.8Exploitation More LikelyYesNoNo
Windows SmartScreenCVE-2023-360258.8Exploitation DetectedYesNoNo
Windows HMAC Key DerivationCVE-2023-364008.8Exploitation Less LikelyYesNoNo
Microsoft WDAC OLE DB provider for SQLCVE-2023-364028.8Exploitation Less LikelyYesNoNo
Azure DevOpsCVE-2023-364378.8Exploitation Less LikelyYesNoNo
ASP.NETCVE-2023-365608.8Exploitation Less LikelyYesNoNo
AzureCVE-2023-381518.8Exploitation Less LikelyYesNoYes
AzureCVE-2023-360528.6Exploitation Less LikelyYesNoNo
Microsoft Windows SpeechCVE-2023-367198.4Exploitation Less LikelyYesNoNo
ASP.NETCVE-2023-360388.2Exploitation Less LikelyYesNoNo
AzureCVE-2023-360218Exploitation Less LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-360358Exploitation More LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-360398Exploitation More LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-360508Exploitation More LikelyYesNoNo
Windows Distributed File System (DFS)CVE-2023-364258Exploitation Less LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-364398Exploitation More LikelyYesNoNo
Visual Studio CodeCVE-2023-360187.8Exploitation Less LikelyYesNoNo
Windows DWM Core LibraryCVE-2023-360337.8Exploitation DetectedYesNoNo
Windows Cloud Files Mini Filter DriverCVE-2023-360367.8Exploitation DetectedYesNoNo
Microsoft Office ExcelCVE-2023-360377.8Exploitation Less LikelyYesNoNo
Microsoft Office ExcelCVE-2023-360417.8Exploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2023-360457.8Exploitation Less LikelyYesNoNo
Windows Authentication MethodsCVE-2023-360477.8Exploitation Less LikelyYesNoNo
Tablet Windows User InterfaceCVE-2023-363937.8Exploitation Less LikelyYesNoNo
Windows Compressed FolderCVE-2023-363967.8Exploitation Less LikelyYesNoNo
Windows Hyper-VCVE-2023-364077.8Exploitation Less LikelyYesNoNo
Windows Hyper-VCVE-2023-364087.8Exploitation Less LikelyYesNoNo
Windows DefenderCVE-2023-364227.8Exploitation Less LikelyYesNoNo
Windows Common Log File System DriverCVE-2023-364247.8Exploitation More LikelyYesNoNo
Windows InstallerCVE-2023-367057.8Exploitation Less LikelyYesNoNo
Microsoft DynamicsCVE-2023-360077.6Exploitation Less LikelyYesNoNo
Microsoft DynamicsCVE-2023-360317.6Exploitation Less LikelyYesNoNo
.NET FrameworkCVE-2023-360497.6Exploitation Less LikelyYesNoNo
Microsoft DynamicsCVE-2023-364107.6Exploitation Less LikelyYesNoNo
Windows DHCP ServerCVE-2023-363927.5Exploitation Less LikelyNoNoNo
Windows Deployment ServicesCVE-2023-363957.5Exploitation Less LikelyNoNoNo
Microsoft Edge (Chromium-based)CVE-2023-360147.3Exploitation Less LikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2023-360347.3Exploitation Less LikelyYesNoNo
Microsoft Remote Registry ServiceCVE-2023-364017.2Exploitation Less LikelyYesNoNo
Microsoft Remote Registry ServiceCVE-2023-364237.2Exploitation Less LikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2023-360247.1Exploitation Less LikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2023-360277.1Exploitation Less LikelyYesNoNo
Windows Authentication MethodsCVE-2023-360467.1Exploitation Less LikelyYesNoNo
Windows StorageCVE-2023-363997.1Exploitation More LikelyYesNoNo
Microsoft Windows Search ComponentCVE-2023-363947Exploitation More LikelyYesNoNo
Windows KernelCVE-2023-364037Exploitation Less LikelyYesNoNo
Windows KernelCVE-2023-364057Exploitation Less LikelyYesNoNo
Windows Hyper-VCVE-2023-364277Exploitation Less LikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2023-360226.6Exploitation Less LikelyYesNoNo
Open Management InfrastructureCVE-2023-360436.5Exploitation Less LikelyYesNoNo
Windows NTFSCVE-2023-363986.5Exploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2023-364136.5Exploitation More LikelyYesNoNo
Microsoft DynamicsCVE-2023-360166.2Exploitation Less LikelyYesNoNo
Visual StudioCVE-2023-360426.2Exploitation Less LikelyNoNoNo
ASP.NETCVE-2023-365586.2Exploitation Less LikelyYesNoNo
Microsoft Dynamics 365 SalesCVE-2023-360306.1Exploitation Less LikelyYesNoNo
Microsoft Office SharePointCVE-2023-381776.1Exploitation More LikelyYesNoNo
Windows KernelCVE-2023-364045.5Exploitation Less LikelyYesNoNo
Windows Hyper-VCVE-2023-364065.5Exploitation Less LikelyYesNoNo
Windows Authentication MethodsCVE-2023-364285.5Exploitation Less LikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2023-360294.3Exploitation Less LikelyYesNoNo
Posted in Cybersecurity

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*