Security News > 2023 > November > Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities.
The total count of 58 flaws does not include 5 Mariner security updates and 20 Microsoft Edge security updates released earlier this month.
The flaw was discovered internally by the Microsoft Threat Intelligence Microsoft Security Response Center.
Microsoft has fixed an actively exploited and publicly disclosed Windows DWM Core Library vulnerability that can be used to elevate privileges to SYSTEM. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft.
Microsoft says that the flaw was discovered by Will Metcalf, Microsoft Threat Intelligence, and the Microsoft Office Product Group Security Team.
Microsoft says that two other publicly disclosed zero-day bugs, 'CVE-2023-36413 - Microsoft Office Security Feature Bypass Vulnerability' and the 'CVE-2023-36038 - ASP.NET Core Denial of Service Vulnerability,' were also fixed as part of today's Patch Tuesday.
News URL
Related news
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (source)
- May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (source)
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234) (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- CrushFTP warns users to patch exploited zero-day “immediately” (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36038 | Unspecified vulnerability in Microsoft Asp.Net Core and Visual Studio 2022 ASP.NET Core Denial of Service Vulnerability | 7.5 |
2023-11-14 | CVE-2023-36413 | Unspecified vulnerability in Microsoft products Microsoft Office Security Feature Bypass Vulnerability | 6.5 |