
Microsoft Patch Tuesday Analysis - November 2023


Everything You Need To Know About Patch Tuesday November 2023.


What is Patch Tuesday

Patch Tuesday refers to regular, scheduled releases of software patches and updates by various technology companies, including Microsoft, Adobe, Oracle etc. It occurs on the second Tuesday of each month. During Patch Tuesday, Microsoft releases:

  • Security Updates

  • Bug Fixes

  • Improvements in its products (Windows OS, MS Office, other supported MS applications)

November 2023

Microsoft has rolled out security patches covering 63 vulnerabilities, three of which are currently under active exploitation. These three vulnerabilities can be found in the CISA Known Exploited Vulnerabilities (KEV) catalog.

  • CVE-2023-36025 (0day - Security Feature Bypass): The vulnerability arises from an issue in the Windows SmartScreen feature. An external attacker could deceive the user into clicking on a specially crafted .url file, leading to the execution of arbitrary code on the system.

  • CVE-2023-36033 (0day - Elevation of Privilege): The vulnerability is present because of a boundary error in the Windows DWM Core Library. When exploited by a local user, it can induce memory corruption and enable the execution of arbitrary code with SYSTEM privileges.

  • CVE-2023-36036 (0day - Elevation of Privilege): The vulnerability stems from a boundary error in the Windows Cloud Files Mini Filter Driver. If exploited by a local user, it can initiate memory corruption, allowing the execution of arbitrary code with SYSTEM privileges.

Products

The image below shows that the most affected products are Microsoft Edge, followed by Microsoft Exchange Server and Microsoft Dynamics.

[Figure: MS products affected by vulnerabilities]

Vulnerability Types

In the image below we can observe that the predominant vulnerability type this month is elevation of privilege (18), followed by remote code execution (17) and spoofing (7).

[Figure: Vulnerability types]

The heatmap below depicts the distribution of vulnerability types per MS product.

[Figure: Heatmap of vulnerability types per product (distribution)]

CVSSv3 Score Distribution

A significant majority of the vulnerabilities fall in the range of 7 to 9. This cluster underscores the high to critical severity of these vulnerabilities.

[Figure: CVSSv3 score distribution]

Some statistics about CVSSv3 score distribution:

  • mean: ~7.5

  • min: 4.3

  • max: 9.8

  • median: 7.8

PRIOn KB Prioritization Decision Engine

The PRIOn KB prioritization decision engine provides sensible default prioritization for vulnerabilities, which can also be customized to align with your security policies and requirements. The pie chart below shows the distribution of vulnerabilities analysed via the PRIOn KB decision engine.

The majority of the vulnerabilities, 67.7% of the total, fall into the “Significant” risk priority level. This level represents vulnerabilities that demand a higher level of attention than “Routine” vulnerabilities but are not yet classified as “Urgent” or “Immediate” risk. The “Routine” priority level makes up 27.7% of the chart. “Urgent” vulnerabilities constitute 3.1% of the total, a relatively smaller but more critical subset that necessitates urgent action to mitigate potential threats. Finally, the “Immediate” category, the smallest at 1.5%, covers vulnerabilities that demand the highest-priority remediation effort.

[Figure: Pie chart with the prioritization labels]

In the table below, we have arranged all the examined CVEs by priority.

CVE             Score  Label
CVE-2023-36025  94     Immediate
CVE-2023-36036  84     Urgent
CVE-2023-36033  84     Urgent
CVE-2023-36049  68     Significant
CVE-2023-36028  66     Significant
CVE-2023-36397  66     Significant
CVE-2023-36018  64     Significant
CVE-2023-36052  63     Significant
CVE-2023-36427  63     Significant
CVE-2023-36439  63     Significant
CVE-2023-36041  63     Significant
CVE-2023-36038  63     Significant
CVE-2023-36024  63     Significant
CVE-2023-36719  62     Significant
CVE-2023-36050  61     Significant
CVE-2023-36039  61     Significant
CVE-2023-36014  61     Significant
CVE-2023-36046  61     Significant
CVE-2023-36047  61     Significant
CVE-2023-36392  61     Significant
CVE-2023-36393  61     Significant
CVE-2023-36394  61     Significant
CVE-2023-36395  61     Significant
CVE-2023-36396  61     Significant
CVE-2023-36399  61     Significant
CVE-2023-36400  61     Significant
CVE-2023-36401  61     Significant
CVE-2023-36402  61     Significant
CVE-2023-36403  61     Significant
CVE-2023-36405  61     Significant
CVE-2023-36407  61     Significant
CVE-2023-36408  61     Significant
CVE-2023-36422  61     Significant
CVE-2023-36423  61     Significant
CVE-2023-36424  61     Significant
CVE-2023-36425  61     Significant
CVE-2023-36560  61     Significant
CVE-2023-36437  61     Significant
CVE-2023-36705  61     Significant
CVE-2023-38151  61     Significant
CVE-2023-36045  61     Significant
CVE-2023-36037  61     Significant
CVE-2023-36035  61     Significant
CVE-2023-36034  61     Significant
CVE-2023-36021  61     Significant
CVE-2023-36410  60     Routine
CVE-2023-36031  60     Routine
CVE-2023-36007  60     Routine
CVE-2023-36017  59     Routine
CVE-2023-38177  59     Routine
CVE-2023-36558  59     Routine
CVE-2023-36428  59     Routine
CVE-2023-36413  59     Routine
CVE-2023-36406  59     Routine
CVE-2023-36404  59     Routine
CVE-2023-36398  59     Routine
CVE-2023-36043  59     Routine
CVE-2023-36042  59     Routine
CVE-2023-36030  59     Routine
CVE-2023-36029  59     Routine
CVE-2023-36027  59     Routine
CVE-2023-36022  59     Routine
CVE-2023-36016  59     Routine
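
As an added example (not PRIOn's code or engine logic), the sketch below cross-checks prioritized rows against a KEV catalog export and builds a remediation queue with KEV-listed CVEs first. It also flags any KEV-listed CVE labelled below "Urgent". `KEV_SAMPLE` is a constructed excerpt using the KEV feed's `vulnerabilities`, `cveID` and `dueDate` fields with placeholder dates; `triage`, `PATCH_ROWS` and `TOP_LABELS` are hypothetical names, and the "never below Urgent" rule is an assumption.

```python
import json

# Constructed excerpt shaped like CISA's KEV JSON feed ("vulnerabilities"
# entries keyed by "cveID"). dueDate values are placeholders, not catalog data.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2023-36025", "dueDate": "2099-01-01"},
  {"cveID": "CVE-2023-36033", "dueDate": "2099-01-01"},
  {"cveID": "CVE-2023-36036", "dueDate": "2099-01-01"}
]}
""")

# (CVE, score, label) rows copied from the table above (subset, unsorted).
PATCH_ROWS = [
    ("CVE-2023-36049", 68, "Significant"),
    ("CVE-2023-36033", 84, "Urgent"),
    ("CVE-2023-36410", 60, "Routine"),
    ("CVE-2023-36025", 94, "Immediate"),
    ("CVE-2023-36036", 84, "Urgent"),
]

# Assumption: a KEV-listed CVE should never sit below these labels.
TOP_LABELS = {"Immediate", "Urgent"}


def triage(rows, kev):
    """Return (queue, mismatches).

    queue: rows ordered KEV-listed first, then by descending score.
    mismatches: KEV-listed CVEs whose label is below TOP_LABELS.
    """
    kev_due = {v["cveID"].upper(): v.get("dueDate")
               for v in kev.get("vulnerabilities", [])}
    queue = [{"cve": cve, "score": score, "label": label,
              "in_kev": cve.upper() in kev_due,
              "kev_due": kev_due.get(cve.upper())}
             for cve, score, label in rows]
    queue.sort(key=lambda r: (not r["in_kev"], -r["score"], r["cve"]))
    mismatches = [r["cve"] for r in queue
                  if r["in_kev"] and r["label"] not in TOP_LABELS]
    return queue, mismatches


if __name__ == "__main__":
    queue, mismatches = triage(PATCH_ROWS, KEV_SAMPLE)
    for r in queue:
        flag = "KEV" if r["in_kev"] else "   "
        print(f'{flag} {r["cve"]:<15} {r["score"]:>3} {r["label"]}')
    print("KEV-listed but under-prioritized:", mismatches or "none")
```

In practice the KEV input would be the catalog's current JSON export rather than the inline sample, and the rows would be the full table.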

How PRIOn can help

PRIOn is an AI-driven vulnerability prioritization technology. PRIOn automatically prioritizes the vulnerabilities, public or private, that matter most across your entire environment. Contact us here for any inquiry/demo. We are here to help you transform your vulnerability management lifecycle.

