As on every second Tuesday of the month, November 2023’s Patch Tuesday delivered fixes for Microsoft security features, along with other crucial vulnerabilities. We’ll discuss what these patches mean for Windows products and servers.
General Summary: November Patch for Microsoft
November’s Patch Tuesday addressed 63 security bugs in Microsoft software, three of which have a Critical rating. Fifty-six bugs had an Important rating, and the remaining four issues were of Moderate severity. Microsoft listed two bugs as “known to the public,” meaning others were aware of these vulnerabilities before November’s patch release.
The three Critical bugs are Windows “zero-day threats,” a phrase indicating that traditional threat blockers had not seen the threat’s signature before. Your server or system would not recognize such a threat as a problem until it was too late. The November patch fixes these bugs.
The Zero-Day Threats That This Microsoft Patch Update Addresses
The November patch for Microsoft products was crucial in closing three Critical zero-day threats. Thanks to disclosures from Microsoft, we know where each weakness lies and that the patch addresses it:
Critical #1: Windows SmartScreen Security Feature Bypass Vulnerability
Windows SmartScreen works in Microsoft products as a cloud-based anti-phishing and anti-malware component. In this case, an attacker would convince a target to click on a malicious internet shortcut (.URL) file. Then, the attacker would be able to bypass Windows SmartScreen security checks.
Critical #2: Windows DWM Core Library Elevation of Privilege Vulnerability
An Elevation of Privilege (EoP) vulnerability allows attackers to gain more control over an account or system than the system initially allowed. Libraries allow you to place files and folders in recognizable storage places, like My Documents or My Pictures. DWM stands for Desktop Window Manager, which controls the user interface and appearance, including task icons, window effects, and themes.
This vulnerability allowed local attackers to gain system access in Windows 10 and later, plus Windows Server 2019 and later versions. They could often gain these abilities after a successful phishing scam.
Critical #3: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
The November patch for Microsoft also identified and addressed a vulnerability present in:
- Windows 10 and later
- Windows Server 2008 and later
Microsoft did not disclose specific details about this issue. However, as with most EoP vulnerabilities, attackers could use the flaw to gain system access and increase their control over it.
Fixed: Two Public Bugs Without Active Use
Microsoft also created patches for two additional bugs that were publicly known: one for MS Office and another for ASP.NET Core. Microsoft noted no “in-the-wild” exploitation but patched the issues because they were public.
The MS Office vulnerability would allow attackers who fool a target into opening a malicious Office document to bypass security. ASP.NET Core is an open-source web application framework. In it, attackers could trigger an OutOfMemoryException, causing a denial of service (DoS) condition, also known as a DoS attack.
How To Take Advantage of the November 2023 Microsoft Patches
To use the November patch for Microsoft products and servers, allow your system to update. Follow the Windows Update instructions without interruption to ensure the patch installs and begins protecting your system as intended.