
Microsoft Security Bulletin Coverage for November 2023
Overview
Microsoft's November 2023 Patch Tuesday addresses 57 vulnerabilities, 15 of which are remote code execution vulnerabilities. The vulnerabilities can be classified into the following categories:
- 17 Elevation of Privilege Vulnerabilities
- 5 Security Feature Bypass Vulnerabilities
- 15 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 9 Spoofing Vulnerabilities
Figure 1: A pie chart breaking down the vulnerabilities by category.
The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2023 and has produced coverage for six of the reported vulnerabilities.
Vulnerabilities with Detections
CVE-2023-36033 Windows DWM Core Library Elevation of Privilege Vulnerability
ASPY 505 Exploit-exe exe.MP_351
CVE-2023-36036 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
ASPY 506 Exploit-exe exe.MP_352
CVE-2023-36394 Windows Search Service Elevation of Privilege Vulnerability
ASPY 504 Exploit-exe exe.MP_350
CVE-2023-36399 Windows Storage Elevation of Privilege Vulnerability
ASPY 503 Exploit-exe exe.MP_349
CVE-2023-36413 Microsoft Office Security Feature Bypass Vulnerability
ASPY 507 Malformed-docx docx.MP_10
CVE-2023-36424 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 502 Exploit-exe exe.MP_348
Remote Code Execution Vulnerabilities
CVE-2023-36017 Windows Scripting Engine Memory Corruption Vulnerability
CVE-2023-36028 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVE-2023-36041 Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36045 Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2023-36393 Windows User Interface Application Core Remote Code Execution Vulnerability
CVE-2023-36396 Windows Compressed Folder Remote Code Execution Vulnerability
CVE-2023-36397 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-36401 Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVE-2023-36402 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36423 Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVE-2023-36425 Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVE-2023-36437 Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-36439 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38151 Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability
CVE-2023-38177 Microsoft SharePoint Server Remote Code Execution Vulnerability
Elevation of Privilege Vulnerabilities
CVE-2023-36033 Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2023-36036 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36047 Windows Authentication Elevation of Privilege Vulnerability
CVE-2023-36049 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36394 Windows Search Service Elevation of Privilege Vulnerability
CVE-2023-36399 Windows Storage Elevation of Privilege Vulnerability
CVE-2023-36400 Windows HMAC Key Derivation Elevation of Privilege Vulnerability
CVE-2023-36403 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36405 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36407 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36408 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36422 Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-36424 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36427 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36558 ASP.NET Core - Security Feature Bypass Vulnerability
CVE-2023-36705 Windows Installer Elevation of Privilege Vulnerability
CVE-2023-36719 Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability
Denial of Service Vulnerabilities
CVE-2023-36038 ASP.NET Core Denial of Service Vulnerability
CVE-2023-36042 Visual Studio Denial of Service Vulnerability
CVE-2023-36046 Windows Authentication Denial of Service Vulnerability
CVE-2023-36392 DHCP Server Service Denial of Service Vulnerability
CVE-2023-36395 Windows Deployment Services Denial of Service Vulnerability
Information Disclosure Vulnerabilities
CVE-2023-36043 Open Management Infrastructure Information Disclosure Vulnerability
CVE-2023-36052 Azure CLI REST Command Information Disclosure Vulnerability
CVE-2023-36398 Windows NTFS Information Disclosure Vulnerability
CVE-2023-36404 Windows Kernel Information Disclosure Vulnerability
CVE-2023-36406 Windows Hyper-V Information Disclosure Vulnerability
CVE-2023-36428 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Security Feature Bypass Vulnerabilities
CVE-2023-36021 Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability
CVE-2023-36025 Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36037 Microsoft Excel Security Feature Bypass Vulnerability
CVE-2023-36413 Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-36560 ASP.NET Security Feature Bypass Vulnerability
Spoofing Vulnerabilities
CVE-2023-36007 Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability
CVE-2023-36016 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-36018 Visual Studio Code Jupyter Extension Spoofing Vulnerability
CVE-2023-36030 Microsoft Dynamics 365 Sales Spoofing Vulnerability
CVE-2023-36031 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-36035 Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36039 Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36050 Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36410 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability