Microsoft Monthly Security Update – 15 November 2023

In Cyber Security by Matsco Engineering Team

 

Microsoft have released a security advisory on the 15th of November 2023 in line with their regular monthly patch schedule which includes a number of updates to address two (2) high risk, six (6) medium risk and two (2) low risk vulnerabilities. 

These updates address vulnerabilities which may impact services through Denial of Service, Elevation of Privilege, Remote Code Execution, Security Restriction Bypass, Information Disclosure and Spoofing. 

For more information please see: Microsoft Security Update

This release consists of security updates for the following products, features and roles:

  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Windows Scripting
  • Visual Studio Code
  • Azure
  • Windows SmartScreen
  • Windows Protected EAP (PEAP)
  • Microsoft Dynamics 365 Sales
  • Windows DWM Core Library
  • Microsoft Exchange Server
  • Windows Cloud Files Mini Filter Driver
  • Microsoft Office Excel
  • ASP.NET
  • Visual Studio
  • Open Management Infrastructure
  • Microsoft Office
  • Windows Authentication Methods
  • .NET Framework
  • Windows DHCP Server
  • Tablet Windows User Interface
  • Microsoft Windows Search Component
  • Windows Deployment Services
  • Windows Compressed Folder
  • Windows Internet Connection Sharing (ICS)
  • Windows NTFS
  • Windows Storage
  • Windows HMAC Key Derivation
  • Microsoft Remote Registry Service
  • Microsoft WDAC OLE DB provider for SQL
  • Windows Kernel
  • Windows Hyper-V
  • Windows Defender
  • Windows Common Log File System Driver
  • Windows Distributed File System (DFS)
  • Azure DevOps
  • Windows Installer
  • Microsoft Windows Speech
  • Microsoft Office SharePoint

 

CVE-2023-36025 is being exploited in the wild and allows a malicious internet shortcut to bypass security checks and warnings.

CVE-2023-36033 is being exploited in the wild and can be exploited to gain SYSTEM privileges.

CVE-2023-36036 is being exploited in the wild and can be exploited to gain SYSTEM privileges.

Matsco recommends any affected systems are updated as soon as convenient 

Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090

Share this Post