Microsoft’s November 2023 Patch Tuesday Addresses 3 Zero-Days, 104 Vulnerabilities

Microsoft just released its November Patch Tuesday security updates. In this latest installment, a total of 58 vulnerabilities have been addressed. Among these, the update tackles five zero-day vulnerabilities, with three actively exploited in the wild, warranting immediate attention and action from users and organizations alike. A detailed overview of these critical updates is provided below.  

What’s the November update from Microsoft?  

This month’s patch bundle is a robust response to emerging security concerns, encompassing 14 remote code execution (RCE) vulnerabilities. Notably, one vulnerability has been categorized as “Critical” by Microsoft, emphasizing the severity of the potential impact and the urgency of applying the patch.   

The three actively exploited zero-day vulnerabilities can be found below:

• CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability  
• CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability  
• CVE-2023-36036 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability  

While these zero-day vulnerabilities are indeed alarming, there’s a silver lining. Microsoft has listed two publicly disclosed zero-day vulnerabilities—CVE-2023-36038: ASP.NET Core Denial of Service Vulnerability and CVE-2023-36413: Microsoft Office Security Feature Bypass Vulnerability. These vulnerabilities, although disclosed, have not exhibited any signs of exploitation. It’s essential to remain vigilant and monitor for any potential developments concerning these vulnerabilities.

For the complete list of resolved vulnerabilities and their specifics addressed in the November 2023 Patch Tuesday updates, a comprehensive report is available for reference. 

What is Nuspire doing? 

Nuspire remains steadfast in its commitment to cybersecurity excellence. Embracing a proactive approach, the company diligently implements patches as soon as they are released, aligning with vendor recommendations. Moreover, Nuspire’s security experts actively engage in threat hunting, employing advanced techniques to uncover and neutralize potential threats within client environments. 

How should I protect myself from these vulnerabilities? 

To shield your systems against potential exploitation, immediate action is imperative. Organizations must swiftly apply the Microsoft Patch Tuesday updates, with particular emphasis on addressing the three actively exploited vulnerabilities mentioned earlier.  

Timely application of patches serves as a robust defense, thwarting malicious actors from capitalizing on known vulnerabilities. In cases where immediate patching isn’t feasible, reviewing individual CVEs from Microsoft can offer alternative workarounds or mitigations to fortify your defenses against potential attacks. 

The evolving cybersecurity landscape mandates proactive vigilance and a commitment to rapid response measures, ensuring resilience against emerging threats. Stay informed, stay secure!