Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

  • Post last modified: 15 November 2023

Critical Microsoft Patch Addresses 63 Vulnerabilities, Including 5 Zero-Days

Microsoft has released a significant security update for November 2023, addressing a total of 63 vulnerabilities across its software products. Among these, five zero-days have been identified as being actively exploited in the wild. The update also includes fixes for two critical remote code execution flaws and an information disclosure vulnerability in Azure CLI.

Key Vulnerabilities

  • CVE-2023-36025: Windows SmartScreen Security Feature Bypass Vulnerability (CVSS score: 8.8)
  • CVE-2023-36033: Windows DWM Core Library Elevation of Privilege Vulnerability (CVSS score: 7.8)
  • CVE-2023-36036: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVSS score: 7.8)
  • CVE-2023-36038: ASP.NET Core Denial of Service Vulnerability (CVSS score: 8.2)
  • CVE-2023-36413: Microsoft Office Security Feature Bypass Vulnerability (CVSS score: 6.5)

Additional Vulnerabilities

  • CVE-2023-36028 and CVE-2023-36397: Critical remote code execution flaws in Protected Extensible Authentication Protocol and Pragmatic General Multicast (CVSS scores: 9.8)
  • CVE-2023-38545: Critical heap-based buffer overflow flaw in the curl library (CVSS score: 9.8)
  • CVE-2023-36052: Information disclosure vulnerability in Azure CLI (CVSS score: 8.6)

Impact and Recommendations

The exploitation of these vulnerabilities could allow attackers to gain unauthorized access to systems, execute malicious code, or steal sensitive information. It is crucial for all affected users to apply the latest security patches as soon as possible. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the three actively exploited zero-days to its Known Exploited Vulnerabilities (KEV) catalog and urges federal agencies to apply the fixes by December 5, 2023.

Conclusion

This extensive security update from Microsoft highlights the importance of regular patching and maintaining up-to-date software versions to protect against evolving cybersecurity threats. Organizations and individuals should prioritize applying security patches promptly to minimize the risk of exploitation.

