Another month, another bunch of fixes for Microsoft security bugs exploited in the wild
Patch Tuesday Heads up: Microsoft's November Patch Tuesday includes fixes for about 60 vulnerabilities - including three that have already been found and abused in the wild.
The third vulnerability that was exploited before Microsoft could push a patch out, CVE-2023-36025, allows miscreants to bypass security features in Windows Defender SmartScreen - Redmond's anti-phishing and anti-malware feature.
CVE-2023-36413, a Microsoft Office security feature bypass flaw, can be exploited if an attacker convinces someone to open a malicious file - which we all know isn't too difficult to do.
"This vulnerability could be exploited by an unauthenticated attacker targeting a Microsoft PEAP Server by transmitting specially crafted malicious PEAP packets across the network," Silva told The Register.
Adobe patched a whopping 76 vulnerabilities across its Acrobat and Reader, InDesign, InCopy, Photoshop, ColdFusion, Audition, Premiere Pro, After Effects, Media Encoder, Dimension, Animate, Bridge, RoboHelp Server, and FrameMaker Publishing Server products - though none of the bugs have been found or exploited by miscreants.
Finally, a single critical bug in FrameMaker Publishing Server could be exploited to bypass security features.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/15/november_2023_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36413 | Unspecified vulnerability in Microsoft products Microsoft Office Security Feature Bypass Vulnerability | 6.5 |
2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |