Sedara Security Bulletin: Microsoft Monthly Security Update
Summary
Microsoft released their monthly security update on Tuesday, which included fixes for three zero-day vulnerabilities. These vulnerabilities are rated “important”. They affect services that are commonly enabled on core versions of Windows. Additionally, these vulnerabilities have been observed as exploited in the wild, often being combined with remote code execution attacks. Therefore, Sedara recommends patching Windows servers and endpoints with this month’s security release as soon as possible in accordance with your organization’s patching procedures.
The 3 Zero-Day Vulnerabilities:
CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability
- Software affected: Microsoft Windows Desktop Window Manager (DWM) Core Library
- CVSS score: 7.8 (high)
- Effect: After an attacker authenticates or finds a code execution bug, this vulnerability could allow them to gain elevated privileges on the system by sending a specially crafted request to the DWM Core Library.
- More information, including a list of operating systems affected: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033
- Mitigation: apply Microsoft November 2023 security release patch.
CVE-2023-36036 – Microsoft Windows Cloud Files Mini Filter Driver privilege escalation
- Software affected: Microsoft Windows Cloud Files Mini Filter Driver
- CVSS score: 7.8 (high)
- Type: Elevation of privilege vulnerability
- Effect: After an attacker authenticates or discovers a code execution bug, a flaw in the Cloud Files Mini Filter Driver could allow them to gain elevated privileges on the system.
- More information, including a list of operating systems affected: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36036
- Mitigation: apply Microsoft November 2023 security release patch.
CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability
- Software affected: Windows SmartScreen
- CVSS score: 8.8 (high)
- Type: Security software bypass
- Systems affected: Windows SmartScreen
- Effect: If an attacker convinces a user to open a specially crafted Internet link, the link opens without the user seeing the anti-phishing or anti-malware alerts provided by Windows SmartScreen.
- More information, including a list of operating systems affected: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36025
- Mitigation: apply Microsoft November 2023 security release patch.
How Sedara Can Help
Our Security Operations Center can assist your organization in detecting and responding to threats through 24x7x365 monitoring. Staffed with expert analysts, our SOC provides visibility across your entire network for real-time analysis and alerting of security events. We help you ignore the noise so you can take immediate action on security incidents.