Another month, another bunch of fixes for Microsoft security bugs exploited in the wild

Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities, including three that have already been found and abused in the wild.
The third vulnerability that was exploited before Microsoft could push a patch out, CVE-2023-36025, allows miscreants to bypass security features in Windows Defender SmartScreen - Redmond's anti-phishing and anti-malware feature.
CVE-2023-36413, a Microsoft Office security feature bypass flaw, can be exploited if an attacker convinces someone to open a malicious file - which we all know isn't too difficult to do.
"This vulnerability could be exploited by an unauthenticated attacker targeting a Microsoft PEAP Server by transmitting specially crafted malicious PEAP packets across the network," Silva told The Register.
Adobe patched a whopping 76 vulnerabilities across its Acrobat and Reader, InDesign, InCopy, Photoshop, ColdFusion, Audition, Premiere Pro, After Effects, Media Encoder, Dimension, Animate, Bridge, RoboHelp Server, and FrameMaker Publishing Server products - though none of the bugs have been found or exploited by miscreants.
Finally, a single critical bug in FrameMaker Publishing Server could be exploited to bypass security features.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/15/november_2023_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36413 | Unspecified vulnerability in Microsoft products Microsoft Office Security Feature Bypass Vulnerability | 6.5 |
2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |