[Zero-day] Microsoft release updates for 5 zero-days on November 2023's Patch Tuesday

[Zero-day] Microsoft release updates for 5 zero-days on November 2023's Patch Tuesday

Hello everyone! 

Microsoft has published updates for a total of 63 vulnerabilities in this Patch Tuesday. Of the total, 5 of these have been classified as zero-days. 

Here are the details of the zero days:


CVE ID
Description
CVE-2023-36025
Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36033  
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2023-36036
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36038 
ASP.NET Core Denial of Service Vulnerability
CVE-2023-36413 
Microsoft Office Security Feature Bypass Vulnerability

These patches can be deployed to your endpoints seamlessly, using one of the following methods:


Note: Kindly ensure that a Vulnerability DB sync has been initiated and completed successfully before proceeding.

Method 1:

a. On the console, navigate to Patches > Missing Patches and create a filter.

b. The criterion for the filter should be: CVE ID - equal - <CVE ID of the respective vulnerability>.

c. Once done, the missing patches in your network, corresponding to the particular CVE ID will be listed below. 


Method 2: 

a. Navigate to Patches > Top-Priority Patches.

b. Select the required patches via the Patch ID.

c. Click on Install/Publish Patches to deploy them.


Here is a list of the patch IDs corresponding to the vulnerabilities: 

Bulletin IDPatch IDDescription
MS23-NOV3376122023-11 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376102023-11 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376132023-11 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376112023-11 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376142023-11 Cumulative Update for Windows 11 for x64-based Systems (KB5032192) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376032023-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376042023-11 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376022023-11 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376012023-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5032198) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376082023-11 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5032190) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376092023-11 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5032190) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV2376232023-11 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5032248) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV2376222023-11 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5032248) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV2376212023-11 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5032250) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376122023-11 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376102023-11 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376132023-11 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376112023-11 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5032189) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376142023-11 Cumulative Update for Windows 11 for x64-based Systems (KB5032192) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376032023-11 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376042023-11 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376022023-11 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5032196) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376182023-11 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5032197) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376172023-11 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5032197) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376162023-11 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5032197) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376012023-11 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5032198) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376192023-11 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5032199) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376202023-11 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5032199) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV3376082023-11 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5032190) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV3376092023-11 Cumulative Update for Windows 11 Version 23H2 for x64-based Systems (KB5032190) (CVE-2023-36036) (CVE-2023-36025) (CVE-2023-36033)
MS23-NOV6376252023-11 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5032254) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV6376262023-11 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5032254) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV6376242023-11 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5032252) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV6376282023-11 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5032247) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS23-NOV6376272023-11 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5032249) (ESU) (CVE-2023-36036) (CVE-2023-36025)
MS21-O2019R37731Update for Office 2019 for x64 2310 Retail Version (16924.20150)
MS21-O2019R37733Update for Office 2019 for x86 2310 Retail Version (16924.20150)
MS21-O2019V37727Update for Office 2019 for x64 1808 of volume version (10404.20013)
MS21-O2019V37729Update for Office 2019 for x86 1808 of volume version (10404.20013)
MS21-O2021R37739Update for Office 2021 for x64 2310 of Retail Version  (16924.20150)
MS21-O2021R37741Update for Office 2021 for x86 2310 of Retail Version (16924.20150)
MS21-O2021V37735Update for Office 2021 for x64 2108 of volume version(14332.20604)
MS21-O2021V37737Update for Office 2021 for x86 2108 of volume version (14332.20604)
MS21-O365C37699Update for Microsoft 365 Apps for Business Current Channel for x64 2310 of version (16924.20150)
MS21-O365C37701Update for Microsoft 365 Apps for Business Current Channel for x86 2310 of version (16924.20150)
MS21-O365C37703Update for Microsoft 365 Apps for Enterprise Current Channel for x64 2310 of version (16924.20150)
MS21-O365C37705Update for Microsoft 365 Apps for Enterprise Current Channel for x86 2310 of version (16924.20150)
MS21-O365M37711Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for x64 2309 of version (16827.20278)
MS21-O365M37713Update for Microsoft 365 Apps for Business Monthly Enterprise Channel for
x86 version 2309 (16827.20278)
MS21-O365M37707Update for Microsoft 365 Apps for Monthly Enterprise Channel for
x64 2309 of version (16827.20278)
MS21-O365M37709Update for Microsoft 365 Apps for Monthly Enterprise Channel for
x86 version 2309 (16827.20278)
MS21-O365S37715Update for Microsoft 365 Apps for Business Semi Annual Channel for
x64 2302 of version(16130.20846)
MS21-O365S37717Update for Microsoft 365 Apps for Business Semi Annual Channel for
x86 2302 of version(16130.20846)
MS21-O365S37719Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for
x64 2302 of version(16130.20846)
MS21-O365S37721Update for Microsoft 365 Apps for Enterprise Semi Annual Channel for
x86 2302 of version(16130.20846)
MS21-O365SP37723Update for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x64 2308 of version(16731.20398)
MS21-O365SP37725Update for Microsoft 365 Apps for Enterprise Semi Annual Preview Channel for x86 2308 of version(16731.20398)
MS23-NOV737696Security Update for Microsoft Office 2016 (KB5002521) 64-Bit Edition
MS23-NOV737697Security Update for Microsoft Office 2016 (KB5002521) 32-Bit Edition


*Patch details for CVE-2023-36038 will be added to the forum shortly.


​
Regards,
The ManageEngine Team


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
              See all integrations
              New to ADManager Plus?
              See all integrations
              New to ADManager Plus?

                New to ADSelfService Plus?

                Start your free trial
                Start your free trial



                          Related Products