Adrian Borlea

Microsoft released its monthly security updates on November 14, 2023. The release fixed five zero-day vulnerabilities, three of which were already being exploited in the wild (all three are covered in the zero-day section below and have been added to CISA's Known Exploited Vulnerabilities catalog). Across the full release, three fixes were classified as Critical, 19 addressed potential remote code execution, and 18 addressed vulnerabilities that could lead to elevation of privilege.


Let’s take a closer look at the most interesting updates for this month. 

Notable Critical Microsoft Vulnerabilities

⭕ Windows HMAC Key Derivation Elevation of Privilege Vulnerability

  • CVE-2023-36400 affects the Windows HMAC key derivation code. HMAC (Hash-based Message Authentication Code) lets two parties that share a secret key check the integrity and origin of messages sent over an untrusted channel, and in Windows the keys used for it are themselves derived from other secrets. To exploit this vulnerability an attacker needs access to the system and must run a specially crafted application; a successful attack grants SYSTEM-level privileges, so a low-privileged local account or a compromised user session is enough of a foothold.
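As an added illustration of the primitive this CVE touches (example code written for this article, not Microsoft's implementation, which the advisory does not describe): an HMAC tag protects message integrity only while the key stays secret, and HMAC is also the building block of standard key-derivation functions such as HKDF (RFC 5869), where one master secret is stretched into independent sub-keys. The block computes and verifies a tag with a constant-time comparison and derives sub-keys the HKDF way; the master secret, salt and context labels are constructed for the example. The point for the reader is what a flaw in key derivation puts at risk: not one message, but every key derived from the affected input.

```python
"""HMAC for message authentication and HMAC-based key derivation (HKDF, RFC 5869).

Added example, not code from the original article or from Windows. The
Windows HMAC key-derivation code that CVE-2023-36400 affects is not public;
this shows the primitive itself so the reader can see what a flaw in key
derivation puts at risk: every key derived from the compromised input.
"""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Tag a message with HMAC-SHA256; anyone holding `key` can recompute it."""
    return hmac.new(key, message, HASH).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time check. A plain `==` on bytes can stop at the first mismatch,
    which leaks how many leading bytes of a forged tag were right and lets an
    attacker forge a tag one byte at a time."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: concentrate input keying material into a fixed-size PRK.
    An empty salt is replaced by HASH_LEN zero bytes, as the RFC specifies."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i); output is the first
    `length` bytes of T(1) | T(2) | ..."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output length exceeds 255 * hash length")
    okm, block = b"", b""
    for counter in range(1, -(-length // HASH_LEN) + 1):  # ceil(length / HASH_LEN) rounds
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
    return okm[:length]


def derive_subkeys(master: bytes, salt: bytes, contexts: list, length: int = 32) -> dict:
    """Derive one independent sub-key per context label from a single master secret.
    Distinct `info` values give unrelated keys, so a leaked sub-key says nothing
    about its siblings; a leaked master, or a broken derivation, exposes all of them."""
    prk = hkdf_extract(salt, master)
    return {ctx: hkdf_expand(prk, ctx, length) for ctx in contexts}


if __name__ == "__main__":
    # Constructed demo values (not from the advisory).
    master = b"\x0b" * 22
    keys = derive_subkeys(master, b"demo-salt", [b"msg-auth", b"storage-enc"])
    msg = b"transfer 100 to account 42"
    tag = hmac_tag(keys[b"msg-auth"], msg)
    print(verify_tag(keys[b"msg-auth"], msg, tag))                                  # True
    print(verify_tag(keys[b"msg-auth"], b"transfer 900 to account 42", tag))       # False
```

The HKDF functions above reproduce RFC 5869 test case 1, so they can be checked against the published vector before being trusted with anything real.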

⭕ Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

  • CVE-2023-36397 affects the Windows implementation of the Pragmatic General Multicast (PGM) protocol, a reliable multicast transport used, for example, to deliver the same file to many receivers at once: PGM guarantees that every recipient receives the complete packet sequence. Windows exposes PGM through the Message Queuing (MSMQ) service, which is an optional Windows feature and is not installed by default. When that service is running and acting as a PGM server, an attacker who can reach it over the network can send specially crafted packets and achieve remote code execution. Hosts without MSMQ are not exposed to this CVE, so the practical first step is to find where the Message Queuing service is installed and running and patch those hosts first.


November's Patch Tuesday Addresses Zero-day Flaws Targeting Operating Systems


Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 

  • CVE-2023-36036 affects the Windows Cloud Files Mini Filter Driver (cldflt.sys), the file system minifilter that backs cloud-synced placeholder files and is part of a default Windows installation. A minifilter can filter IRP-based I/O operations as well as fast I/O and file system filter (FSFilter) callback operations; for each I/O operation it chooses to filter, it registers a pre-operation callback routine, a post-operation callback routine, or both. Because the driver runs in the kernel, a local attacker who exploits it successfully gains SYSTEM-level privileges.
  • The vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, with a remediation due date of December 12, 2023 for US federal agencies; other organizations should treat that date as an upper bound rather than a target.

Windows DWM Core Library Elevation of Privilege Vulnerability 

  • CVE-2023-36033 affects the core library of the Desktop Window Manager (DWM), the compositing window manager in Microsoft Windows that renders the desktop and every application window. DWM handles system animations, wallpapers, themes and thumbnails, features such as Windows Aero, Windows Flip and Windows Flip 3D, and the transparency of interface elements. A local attacker who successfully exploits this vulnerability gains SYSTEM-level privileges.
  • This vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, with a remediation due date of December 12, 2023 for US federal agencies.

Windows SmartScreen Security Feature Bypass Vulnerability 

  • CVE-2023-36025 affects Windows SmartScreen, the reputation check built into Windows that warns users before they open downloaded files or visit web pages that Microsoft's cloud-based service has flagged as malicious or has never seen before. It runs in the background and is the source of the "Windows protected your PC" style prompts.
  • To exploit this vulnerability an attacker must persuade a user to open a specially crafted Internet Shortcut (.URL) file, or to click a hyperlink that leads to one. If the user does, Windows Defender SmartScreen's checks and the warnings that normally accompany them are bypassed, so whatever the shortcut points at opens without the usual prompt. .URL files arriving by e-mail or downloaded from the web should therefore be handled with the same suspicion as executable attachments.
  • This vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, with a remediation due date of December 12, 2023 for US federal agencies.
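The following is an added example written for this article (not Runecast or Microsoft code) of the kind of check a mail gateway or endpoint triage script can apply to Internet Shortcut files. A .URL file is just an INI-style text file whose [InternetShortcut] section carries a URL= target, so it can be parsed without any Windows API. The block flags targets that are not ordinary web pages: UNC paths to an SMB or WebDAV share, file:// targets, non-web schemes, targets that end in an executable or script extension, and an IconFile on a remote share (which makes Windows authenticate outbound just to display the icon). The sample shortcuts, the extension list and the reason strings are this example's own constructions; the check surfaces shortcuts whose payload delivery would depend on a SmartScreen bypass, it does not detect CVE-2023-36025 itself.

```python
"""Triage Internet Shortcut (.URL) files by what their target actually points at.

Added example, not code from the original article. A .URL file is an INI-style
text file; the interesting keys live in its [InternetShortcut] section. The
extension list and reason strings below are this example's own choices.
"""
import configparser
from urllib.parse import urlsplit

WEB_SCHEMES = {"http", "https"}
# Extensions that mean "the link downloads something Windows will execute".
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".vbe",
                 ".js", ".jse", ".wsf", ".hta", ".msi", ".ps1", ".lnk")


def parse_url_file(text: str) -> dict:
    """Return the key/value pairs of the [InternetShortcut] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: "URL", "IconFile"
    cp.read_string(text.replace("\r\n", "\n"))
    if not cp.has_section("InternetShortcut"):
        raise ValueError("not an Internet Shortcut: no [InternetShortcut] section")
    return dict(cp.items("InternetShortcut"))


def triage(text: str) -> list:
    """Return the reasons a shortcut deserves a closer look; [] means nothing unusual."""
    fields = parse_url_file(text)
    reasons = []
    target = fields.get("URL", "").strip()
    if not target:
        return ["no URL= target"]

    if target.startswith(("\\\\", "//")):
        # \\host\share\... : Windows opens this over SMB or, with @80/@SSL, WebDAV.
        reasons.append("target is a UNC path (SMB/WebDAV share)")
        path = target.replace("\\", "/")
    else:
        parts = urlsplit(target)
        scheme = parts.scheme.lower()
        path = parts.path
        if scheme == "file":
            reasons.append("target uses the file:// scheme")
        elif scheme not in WEB_SCHEMES:
            reasons.append(f"target uses non-web scheme {scheme or '(none)'!r}")
    if path.lower().endswith(EXEC_SUFFIXES):
        reasons.append("target points directly at an executable or script")

    icon = fields.get("IconFile", "").strip()
    if icon.startswith(("\\\\", "//")):
        # Explorer fetches the icon when the shortcut is merely displayed, so a
        # remote IconFile forces an outbound authentication without any click.
        reasons.append("IconFile on a remote share (forces outbound SMB/WebDAV authentication)")
    return reasons


# Constructed sample files for the example (CRLF line endings, as Windows writes them).
BENIGN_URL = "[InternetShortcut]\r\nURL=https://www.example.com/docs/\r\n"
SUSPICIOUS_URL = (
    "[InternetShortcut]\r\n"
    "URL=\\\\203.0.113.5@80\\share\\invoice.exe\r\n"
    "IconFile=\\\\203.0.113.5\\share\\icon.ico\r\n"
    "IconIndex=0\r\n"
)
FILE_SCHEME_URL = "[InternetShortcut]\r\nURL=file:///C:/Users/Public/setup.bat\r\n"

if __name__ == "__main__":
    for name, body in [("benign", BENIGN_URL), ("suspicious", SUSPICIOUS_URL),
                       ("file-scheme", FILE_SCHEME_URL)]:
        print(name, triage(body) or ["nothing unusual"])
```

In practice the script would be pointed at an attachment quarantine or at a user's Downloads folder; any shortcut with a non-empty reason list is worth detonating in a sandbox or blocking outright, patched or not, because the same delivery trick works against the next SmartScreen bypass too.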

Windows operating system vulnerabilities fixed in the November 2023 release (CVE and Microsoft title):

CVE-2023-24023  Mitre: CVE-2023-24023 Bluetooth Vulnerability
CVE-2023-36423  Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVE-2023-36401  Microsoft Remote Registry Service Remote Code Execution Vulnerability
CVE-2023-36402  Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36394  Windows Search Service Elevation of Privilege Vulnerability
CVE-2023-36719  Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability
CVE-2023-36393  Windows User Interface Application Core Remote Code Execution Vulnerability
CVE-2023-36047  Windows Authentication Elevation of Privilege Vulnerability
CVE-2023-36428  Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2023-36046  Windows Authentication Denial of Service Vulnerability
CVE-2023-36036  Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (exploited in the wild, CISA KEV)
CVE-2023-36424  Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36396  Windows Compressed Folder Remote Code Execution Vulnerability
CVE-2023-36392  DHCP Server Service Denial of Service Vulnerability
CVE-2023-36425  Windows Distributed File System (DFS) Remote Code Execution Vulnerability
CVE-2023-36033  Windows DWM Core Library Elevation of Privilege Vulnerability (exploited in the wild, CISA KEV)
CVE-2023-36400  Windows HMAC Key Derivation Elevation of Privilege Vulnerability
CVE-2023-36427  Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36407  Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36406  Windows Hyper-V Information Disclosure Vulnerability
CVE-2023-36408  Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2023-36705  Windows Installer Elevation of Privilege Vulnerability
CVE-2023-36397  Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-36405  Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36404  Windows Kernel Information Disclosure Vulnerability
CVE-2023-36403  Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36398  Windows NTFS Information Disclosure Vulnerability
CVE-2023-36028  Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
CVE-2023-36017  Windows Scripting Engine Memory Corruption Vulnerability
CVE-2023-36025  Windows SmartScreen Security Feature Bypass Vulnerability (exploited in the wild, CISA KEV)
CVE-2023-36399  Windows Storage Elevation of Privilege Vulnerability


Runecast protects you against all of these vulnerabilities

Runecast covers all 31 of the vulnerabilities in this release that affect Windows operating systems, listed above.

At Runecast we ensure that all OS vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safe and secure. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.

Runecast is an AI-powered platform that gives you complete visibility and proactive control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, and security and continuous compliance audits to ensure that every aspect of your environment is protected. 

Additionally, Runecast provides explicit instructions and generates custom remediation scripts, to help IT teams maintain continuous compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Kubernetes, and VMware environments and can operate entirely on-premises or via our new SaaS offering.
