Microsoft's November 2023 Patch Tuesday is shaping up to be unusually light. The Redmond company has released official fixes for 64 security vulnerabilities: three of them are rated critical and three are already being exploited by cyber criminals in attacks.
This month the Redmond company "celebrates" the first 20 years of Patch Tuesday: apart from the occasional out-of-band release of emergency updates, the choice of the second Tuesday of the month as the day for publishing security fixes for all Microsoft software dates back two decades.
What are the most important Microsoft updates for November 2023?
Two of the updates address a pair of vulnerabilities that can only be exploited locally but allow an attacker to gain elevated privileges. The patches fix the flaws tracked as CVE-2023-36033 and CVE-2023-36036, both already exploited in the wild. Local privilege-escalation bugs of this kind are typically chained with some other initial-access vector (a malicious document, a browser exploit, phishing), which is why "local only" does not make them low priority. The first affects the Windows DWM Core Library. DWM (Desktop Window Manager) is a key component of the operating system that manages the visual appearance and graphical composition of the user interface: it controls visual effects such as transparency, animations and window appearance, and it is responsible for compositing everything that appears on screen, helping to provide a smooth user experience.
The second vulnerability affects the Windows Cloud Files Mini Filter Driver. Mini-filters are system components that intercept and manipulate I/O (input/output) operations at the file system level; such drivers are used to implement features such as file encryption, compression, access control and similar operations. Because a mini-filter runs in kernel mode, a flaw in it can be abused by a low-privileged local process to escalate its privileges.
Particularly relevant is the patch for CVE-2023-36025. Also already exploited in real-world attacks, it fixes a problem in SmartScreen, the protection feature built into Windows and Microsoft Defender that uses cloud-based intelligence to block potentially harmful applications, files and websites.
In this case, without the corrective update an attacker can bypass the checks SmartScreen performs, so a malicious file or link reaches the victim without the usual warning and the victim can be directed to malicious websites.
Finally, CVE-2023-36397 is described as one of the most serious flaws of the batch (CVSS score 9.8 out of 10). However, Microsoft notes that the Windows Message Queuing (MSMQ) service must be enabled for the attack to succeed. The problem, which lies in the implementation of the Windows Pragmatic General Multicast (PGM) protocol, can lead to arbitrary code execution over the network. To check whether the service is listening, run the following at a Windows command prompt (cmd):

netstat -an | find "1801"

A line showing TCP port 1801 in the LISTENING state means Message Queuing is active on the machine. Note that find performs a plain substring match, so an unrelated port such as 18010 would also produce a hit; check the port column rather than trusting the mere presence of output. If MSMQ is not needed by any application on the host, disabling the service removes the attack surface; otherwise install the update.
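The following PowerShell script is an added example, not part of the original article, that performs the same MSMQ exposure check in a more precise way than the netstat one-liner: it reports whether the MSMQ optional feature is installed, whether the Message Queuing service is running and how it starts, and whether something is actually listening on TCP 1801. It assumes Windows 10/11 or Windows Server with PowerShell 5.1 or later and an elevated prompt (Get-WindowsOptionalFeature requires administrator rights); the function name Test-MsmqExposure is an assumption of this example. The commented-out mitigation at the end assumes MSMQ is not needed on the host.

```powershell
# Added example (not from the original article): report whether the
# Windows Message Queuing (MSMQ) attack surface relevant to CVE-2023-36397
# is present on this host. Run from an elevated PowerShell prompt.

function Test-MsmqExposure {
    # 1. Is the MSMQ optional feature installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName 'MSMQ-Server' `
                   -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'not present' }

    # 2. Is the Message Queuing service running, and will it start at boot?
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    $svcStatus  = if ($svc) { [string]$svc.Status }    else { 'service not installed' }
    $svcStartup = if ($svc) { [string]$svc.StartType } else { 'n/a' }

    # 3. Is anything listening on TCP 1801 (the MSMQ port)? This is the exact
    #    equivalent of  netstat -an | find "1801"  without the substring
    #    matching of `find`, which would also match e.g. port 18010.
    $listener = Get-NetTCPConnection -LocalPort 1801 -State Listen `
                    -ErrorAction SilentlyContinue
    $listening = [bool]$listener

    # Exposed only if the service is up and the port is actually open.
    [PSCustomObject]@{
        MsmqFeatureState  = $featureState
        MsmqServiceStatus = $svcStatus
        MsmqStartupType   = $svcStartup
        Tcp1801Listening  = $listening
        Exposed           = ($svcStatus -eq 'Running') -and $listening
    }
}

$result = Test-MsmqExposure
$result | Format-List

# Mitigation (assumption: only appropriate when no application on this host
# depends on MSMQ; otherwise install the November 2023 update instead).
# Uncomment to apply:
# if ($result.Exposed) {
#     Stop-Service -Name 'MSMQ' -Force
#     Set-Service  -Name 'MSMQ' -StartupType Disabled
# }
```

The Exposed field combines the service state and the listener check deliberately: a stopped service with a stale configuration, or a listener belonging to another process, should not by itself trigger a change, so review the full object before disabling anything.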
A brief overview of the vulnerabilities fixed this month is available, as usual, in the ISC-SANS analysis.