Another month, another bunch of fixes for Microsoft security bugs exploited in the wild
Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities - including three that have already been found and abused in the wild.
The third vulnerability that was exploited before Microsoft could push a patch out, CVE-2023-36025, allows miscreants to bypass security features in Windows Defender SmartScreen - Redmond's anti-phishing and anti-malware feature.
CVE-2023-36413, a Microsoft Office security feature bypass flaw, can be exploited if an attacker convinces someone to open a malicious file - which we all know isn't too difficult to do.
"This vulnerability could be exploited by an unauthenticated attacker targeting a Microsoft PEAP Server by transmitting specially crafted malicious PEAP packets across the network," Silva told The Register.
Adobe patched a whopping 76 vulnerabilities across its Acrobat and Reader, InDesign, InCopy, Photoshop, ColdFusion, Audition, Premiere Pro, After Effects, Media Encoder, Dimension, Animate, Bridge, RoboHelp Server, and FrameMaker Publishing Server products - though none of the bugs have been found or exploited by miscreants.
Finally, a single critical bug in FrameMaker Publishing Server could be exploited to bypass security features.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/15/november_2023_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36413 | Unspecified vulnerability in Microsoft products Microsoft Office Security Feature Bypass Vulnerability | 6.5 |
2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |