Microsoft’s monthly security update released Tuesday only includes three critical vulnerabilities, an unusually small number based on previous months’ Patch Tuesdays.
In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.” This is the fewest number of vulnerabilities Microsoft disclosed in a month since May.
However, there are three zero-day vulnerabilities included in November’s Patch Tuesday, and another three that have already been publicly disclosed.
CVE-2023-36033 is an elevation of privilege vulnerability in the Windows DWM Core Library that could allow an attacker to gain SYSTEM-level privileges. According to Microsoft, this vulnerability has already been exploited in the wild and there is proof-of-concept code available.
Another zero-day elevation of privilege vulnerability, CVE-2023-36036, exists in the Windows Cloud Files mini-filter driver that could also allow an attacker to gain SYSTEM privileges.
The other vulnerability that’s being exploited in the wild is CVE-2023-36025, which could allow an adversary to bypass Windows Defender SmartScreen checks and other associated prompts. An attacker could exploit this vulnerability by tricking the targeted user into clicking on a specially crafted internet shortcut or hyperlink pointing to an attacker-controlled website.
CVE-2023-36397 has one of the highest possible severity scores among the vulnerabilities disclosed Tuesday, a 9.8 out of a possible 10 CVSS score. However, ..
Support the originator by clicking the read the rest link below.
