Security News > 2023 > November > Another month, another bunch of fixes for Microsoft security bugs exploited in the wild
Patch Tuesday Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities - including three that have already been found and abused in the wild.
The third vulnerability that was exploited before Microsoft could push a patch out, CVE-2023-36025, allows miscreants to bypass security features in Windows Defender SmartScreen - Redmond's anti-phishing and anti-malware feature.
CVE-2023-36413, a Microsoft Office security feature bypass flaw, can be exploited if an attacker convinces someone to open a malicious file - which we all know isn't too difficult to do.
"This vulnerability could be exploited by an unauthenticated attacker targeting a Microsoft PEAP Server by transmitting specially crafted malicious PEAP packets across the network," Silva told The Register.
Adobe patched a whopping 76 vulnerabilities across its Acrobat and Reader, InDesign, InCopy, Photoshop, ColdFusion, Audition, Premiere Pro, After Effects, Media Encoder, Dimension, Animate, Bridge, RoboHelp Server, and FrameMaker Publishing Server products - though none of the bugs have been found or exploited by miscreants.
Finally, a single critical bug in FrameMaker Publishing Server could be exploited to bypass security features.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/15/november_2023_patch_tuesday/
Related news
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- AI agents swarm Microsoft Security Copilot (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Microsoft: Windows 'inetpub' folder created by security fix, don’t delete (source)
- Widespread Microsoft Entra lockouts tied to new security feature rollout (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-36413 | Unspecified vulnerability in Microsoft products Microsoft Office Security Feature Bypass Vulnerability | 6.5 |
| 2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |