[Zero-day] Microsoft release updates for 5 zero-days on November 2023's Patch Tuesday

[Zero-day] Microsoft release updates for 5 zero-days on November 2023's Patch Tuesday

Hello everyone! 

Microsoft has published updates for a total of 63 vulnerabilities in this Patch Tuesday. Of the total, 5 of these have been classified as zero-days. 

Here are the details of the zero days:


CVE ID
Description
CVE-2023-36025
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36033  
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2023-36036
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36038 
ASP.NET Core Denial of Service Vulnerability
CVE-2023-36413 
Microsoft Office Security Feature Bypass Vulnerability

These patches can be deployed to your endpoints seamlessly, using one of the following methods:


Note: Kindly ensure that a Vulnerability DB sync has been initiated and completed successfully before proceeding.

Method 1:

a. On the console, navigate to Patches > Missing Patches and create a filter.

b. The criterion for the filter should be: CVE ID - equal - <CVE ID of the respective vulnerability>.

c. Once done, the missing patches in your network, corresponding to the particular CVE ID will be listed below. 


Method 2: 

a. Navigate to Patches > Top-Priority Patches.

b. Select the required patches via the Patch ID.

c. Click on Install/Publish Patches to deploy them.


Here is a list of the patch IDs corresponding to the vulnerabilities: 

Bulletin IDPatch IDDescription
MS23-NOV3376122023-11 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376102023-11 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376132023-11 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376112023-11 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376142023-11 Cumulative Update for Windows 11 for x64-based Systems (KB5032192) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376032023-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376042023-11 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376022023-11 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376012023-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5032198) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376082023-11 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5032190) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376092023-11 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5032190) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV2376232023-11 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5032248) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV2376222023-11 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5032248) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV2376212023-11 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5032250) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376122023-11 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376102023-11 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376132023-11 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376112023-11 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376142023-11 Cumulative Update for Windows 11 for x64-based Systems (KB5032192) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376032023-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376042023-11 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376022023-11 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376182023-11 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5032197) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376172023-11 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5032197) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376162023-11 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5032197) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376012023-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5032198) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376192023-11 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5032199) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376202023-11 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5032199) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376082023-11 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5032190) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376092023-11 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5032190) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV6376252023-11 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5032254) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV6376262023-11 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5032254) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV6376242023-11 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5032252) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV6376282023-11 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5032247) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV6376272023-11 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5032249) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS21-O2019R37731Update for Office 2019 for x64 2310 Retail Version (16924.20150)
MS21-O2019R37733Update for Office 2019 for x86 2310 Retail Version (16924.20150)
MS21-O2019V37727Update for Office 2019 for x64 1808 of volume version (10404.20013)
MS21-O2019V37729Update for Office 2019 for x86 1808 of volume version (10404.20013)
MS21-O2021R37739Update for Office 2021 for x64 2310 of Retail Version  (16924.20150)
MS21-O2021R37741Update for Office 2021 for x86 2310 of Retail Version (16924.20150)
MS21-O2021V37735Update for Office 2021 for x64 2108 of volume version(14332.20604)
MS21-O2021V37737Update for Office 2021 for x86 2108 of volume version (14332.20604)
MS21-O365C37699Update for Microsoft 365 Apps for Business Current Channel for x64 2310 of version (16924.20150)
MS21-O365C37701Update for Microsoft 365 Apps for Business Current Channel for x86 2310 of version (16924.20150)
MS21-O365C37703Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2310 of version (16924.20150)
MS21-O365C37705Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2310 of version (16924.20150)
MS21-O365M37711Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for x64 2309 of version (16827.20278)
MS21-O365M37713Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for
x86 version 2309 (16827.20278)
MS21-O365M37707Update for Microsoft 365 Apps for Monthly Enterprise Channel for
x64 2309 of version (16827.20278)
MS21-O365M37709Update for Microsoft 365 Apps for Monthly Enterprise Channel for
x86 version 2309 (16827.20278)
MS21-O365S37715Update for Microsoft 365 Apps for Business Semi Annual Channel for
x64 2302 of version(16130.20846)
MS21-O365S37717Update for Microsoft 365 Apps for Business Semi Annual Channel for
x86 2302 of version(16130.20846)
MS21-O365S37719Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for
x64 2302 of version(16130.20846)
MS21-O365S37721Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for
x86 2302 of version(16130.20846)
MS21-O365SP37723Update for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x64 2308 of version(16731.20398)
MS21-O365SP37725Update for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x86 2308 of version(16731.20398)
MS23-NOV737696Security Update for Microsoft Office 2016 (KB5002521) 64-Bit Edition
MS23-NOV737697Security Update for Microsoft Office 2016 (KB5002521) 32-Bit Edition


*Patch details for CVE-2023-36038 will be added to the forum shortly.


‚Äč
Regards,
The ManageEngine Team

      New to ADSelfService Plus?