Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities. 

While fourteen remote code execution (RCE) bugs were fixed, Microsoft only rated one as critical. The three critical flaws fixed today are an Azure information disclosure bug, an RCE in Windows Internet Connection Sharing (ICS), and a Hyper-V escape flaw that allows the executions of programs on the host with SYSTEM privileges.

The number of bugs in each vulnerability category is listed below: 

• 16 Elevation of Privilege Vulnerabilities
• 6 Security Feature Bypass Vulnerabilities
• 15 Remote Code Execution Vulnerabilities
• 6 Information Disclosure Vulnerabilities
• 5 Denial of Service Vulnerabilities
• 11 Spoofing Vulnerabilities

The total count of 58 flaws does not include 5 Mariner security updates and 20 Microsoft Edge security updates released earlier this month.

Five zero-days fixed

This month's Patch Tuesday fixes five zero-day vulnerabilities, with three exploited in attacks and three publicly disclosed.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The three actively exploited zero-day vulnerabilities in today's updates are:

CVE-2023-36036 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 

Microsoft has fixed an actively exploited Windows Cloud Files Mini Filter Elevation of Privileges bug.

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft.

It is not known how the flaw was abused in attacks or by what threat actor.

The flaw was discovered internally by the Microsoft Threat Intelligence Microsoft Security Response Center.

CVE-2023-36033 - Windows DWM Core Library Elevation of Privilege Vulnerability

Microsoft has fixed an actively exploited and publicly disclosed Windows DWM Core Library vulnerability that can be used to elevate privileges to SYSTEM.

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft.

Microsoft says that the flaw was discovered by Quan Jin(@jq0904) with DBAPPSecurity WeBin Lab but did not share details on how they were used in attacks.

CVE-2023-36025 - Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft has fixed an actively exploited Windows SmartScreen flaw that allows a malicious Internet Shortcut to bypass security checks and warnings.

"The attacker would be able to bypass Windows Defender SmartScreen checks and their associated prompts," explains Microsoft.

"The user would have to click on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file to be compromised by the attacker," continues Microsoft.

Microsoft says that the flaw was discovered by Will Metcalf (Splunk), Microsoft Threat Intelligence, and the Microsoft Office Product Group Security Team.

In addition, Microsoft says that two other publicly disclosed zero-day bugs, 'CVE-2023-36413 - Microsoft Office Security Feature Bypass Vulnerability' and the 'CVE-2023-36038 -- ASP.NET Core Denial of Service Vulnerability,' were also fixed as part of today's Patch Tuesday.

However, Microsoft says that they were not actively exploited in attacks.

Recent updates from other companies

Other vendors who released updates or advisories in November 2023 include:

• Cisco released security updates for various products, including Cisco ASA.
• The Citrix 'Citrix Bleed" vulnerability is being exploited by numerous hacking groups, including ransomware gangs.
• Google released the Android November 2023 security updates.
• Four Juniper vulnerabilities are now chained in remote code execution (RCE) attacks.
• Microsoft Exchange zero-day flaws were disclosed after Microsoft decided they did not meet the bar for immediate servicing.
• QNAP released fixes for two critical command injection vulnerabilities.
• SAP has released its November 2023 Patch Day updates.
• SysAid released security updates for a zero-day vulnerability exploited in Clop ransomware attacks.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.