Service Notices
Microsoft Releases November 2023 Security Updates
Nov 17, 2023 GMT+08:00
I. Overview
Microsoft has released its November 2023 security updates. A total of 57 security vulnerabilities have been disclosed, among which 3 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and denial of service (DoS). The affected applications include components such as Microsoft Windows, Microsoft Office, ASP.NET Core and .NET.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Nov
The following vulnerabilities have been exploited by attackers:
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36036): 0-day vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.
Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2023-36033): 0-day vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.
Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-36025): 0-day vulnerability. An unauthenticated remote attacker could induce a user to click a specially crafted .url file to trigger the vulnerability. Successful exploitation of this vulnerability can bypass the Windows Defender SmartScreen checks and their associated prompts, and enable arbitrary code execution on the target system. This vulnerability has been exploited in the wild, and the risk is high.
Microsoft Office Security Feature Bypass Vulnerability (CVE-2023-36413): An unauthenticated remote attacker could trigger the vulnerability by sending a specially crafted file to a user and inducing the user to open the file. Successful exploitation of this vulnerability would allow the attacker to bypass the Office Protected View and open files in editing mode rather than protected mode. The vulnerability has been disclosed, and the risk is high.
ASP.NET Core Denial of Service Vulnerability (CVE-2023-36038): An unauthenticated remote attacker could exploit this vulnerability by canceling an HTTP request to .net 8 RC 1 running on the IIS InProcess hosting model. Successful exploitation of this vulnerability would cause an increased number of threads and OutOfMemoryException. The vulnerability has been disclosed, and the risk is high.
10 vulnerabilities (such as CVE-2023-36017, CVE-2023-36035, and CVE-2023-36039) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, ASP.NET Core, .NET, and other products.
IV. Vulnerability Details
CVE No. |
Vulnerability |
Severity |
Description |
CVE-2023-36400 |
Windows HMAC Key Derivation Elevation of Privilege Vulnerability |
Important |
An attacker could run a specially crafted application to trigger the vulnerability. Successful exploitation of the vulnerability could allow a low-privilege Hyper-V guest to traverse its security boundary, execute code in the Hyper-V host execution environment, and finally obtain SYSTEM privileges. |
CVE-2023-36052 |
Azure CLI REST Command Information Disclosure Vulnerability |
Important |
An unauthenticated attacker can search and discover credentials contained in log files which have been stored in open-source repositories. An attacker that successfully exploited this vulnerability could recover plaintext passwords and usernames from log files. |
CVE-2023-36397 |
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
Important |
When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.