Microsoft Monthly Security Update (November 2023)

Release Date: 15 Nov 2023 4414 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Spoofing		 
AzureMedium Risk Medium RiskRemote Code Execution
Information Disclosure
Security Restriction Bypass		 
WindowsHigh Risk High RiskElevation of Privilege
Information Disclosure
Remote Code Execution
Denial of Service
Spoofing
Security Restriction Bypass

CVE-2023-36025 is being exploited in the wild. The vulnerability allows a malicious internet shortcut to bypass secuirty checks and warnings.

 

CVE-2023-36033 is being exploited in the wild. The vulnerability can be expoloited to gain SYSTEM privileges. 

 

CVE-2023-36036 is being exploited in the wild. The vulnerability can be exploited to gain SYSTEM privileges. 

 

Extended Security Updates (ESU)

High Risk High RiskElevation of Privilege
Information Disclosure
Remote Code Execution
Denial of Service
Security Restriction Bypass

CVE-2023-36025 is being exploited in the wild. The vulnerability allows a malicious internet shortcut to bypass secuirty checks and warnings.

 

CVE-2023-36033 is being exploited in the wild. The vulnerability can be expoloited to gain SYSTEM privileges. 

 

CVE-2023-36036 is being exploited in the wild. The vulnerability can be exploited to gain SYSTEM privileges. 

Developer ToolsMedium Risk Medium RiskSecurity Restriction Bypass
Elevation of Privilege
Denial of Service
Spoofing		 
System CenterMedium Risk Medium RiskElevation of Privilege
Information Disclosure		 
Microsoft OfficeMedium Risk Medium RiskSecurity Restriction Bypass
Remote Code Execution		 
Microsoft DynamicsLow Risk Low RiskSpoofing 
Exchange ServerMedium Risk Medium RiskRemote Code Execution
Spoofing		 
MarinerLow Risk Low RiskDenial of Service 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 2

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 2

Evaluation of overall 'Risk Level': High Risk

Impact

  • Remote Code Execution
  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Security Restriction Bypass
  • Spoofing

System / Technologies affected

  • Browser
  • Windows
  • Extended Security Updates (ESU)
  • Developer Tools
  • Azure
  • Microsoft Office
  • SQL Server
  • Microsoft Dynamics
  • Exchange Server
  • Mariner

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftRemote Code ExecutionDenial of ServiceElevation of PrivilegeInformation DisclosureSecurity Restriction BypassSpoofingZero-dayExploit In The Wild

Share with

Previous

SAP Products Multiple Vulnerabilities

15 Nov 2023 3146 Views

Next

Google Chrome Remote Code Execution Vulnerabilities

15 Nov 2023 3931 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY