Clement Brako Akomea Table of Contents
Microsoft Fixes 2023 Zero-Day Exploit in Latest Security Update: In its November 2023 Patch Tuesday update, Microsoft has rolled out fixes for a myriad of vulnerabilities, including some critical zero-day exploits that have been actively used in attacks.
Short Summary to Microsoft Fixes 2023 Zero-Day Exploit in Latest Security Update:
- Microsoft patches critical zero-day vulnerabilities actively exploited in the wild.
- 57 Common Vulnerabilities and Exposures (CVEs) were addressed in total.
- Significant patches for popular Microsoft services and applications.
Microsoft has issued its latest security update, fixing a total of 57 CVEs, with 54 rated as important, and three critical zero-day vulnerabilities that have been actively exploited in the wild.
This comprehensive update covers a broad spectrum of Microsoft’s product ecosystem, from the Windows operating system and Microsoft Office to Azure and Visual Studio.
A Patch-Filled November
The November 2023 update targets vulnerabilities across various components and services, reflecting the widespread reach and diverse application of Microsoft’s software in the corporate and consumer space. Among the patched components are:
- .NET Framework
- ASP.NET
- Azure and Azure DevOps
- Microsoft Office Suite (including Excel, SharePoint)
- Windows Kernel and Windows Hyper-V
Security researcher Quan Jin of DBAPPSecurity WeBin Lab highlighted the importance of keeping systems patched, remarking:
The breadth of this month’s patch indicates just how diverse the attack surface has become. Addressing these vulnerabilities is essential to maintaining system integrity.
Key Zero-Day Vulnerabilities Fixed
Three particularly critical zero-day vulnerabilities have been addressed in this update:
CVE-2023-36025: Windows SmartScreen Security Feature Bypass
This flaw was assigned a CVSSv3 score of 8.8 and is rated important. It was exploited in the wild and allows attackers to bypass security checks by tricking users into clicking on specially crafted URL files.
The attack method poses severe risks as it bypasses the built-in defenses of Windows Defender SmartScreen.
“This is the third Windows SmartScreen zero-day vulnerability exploited in the wild in 2023, highlighting the ongoing threats we face,” commented a Microsoft spokesperson.
CVE-2023-36033: DWM Core Library Elevation of Privilege
This vulnerability in the Windows Desktop Window Manager (DWM) Core Library allows local attackers to elevate privileges to the SYSTEM level, with a CVSSv3 score of 7.8.
Discovered by security researcher Quan Jin, this is the first DWM Core Library EoP vulnerability exploited in the wild in the last two years.
CVE-2023-36036: Windows Cloud Files Mini Filter Driver Elevation of Privilege
This EoP vulnerability impacts the Microsoft Cloud Files Mini Filter Driver (cldflt.sys). Like other EoP flaws, it allows local attackers to gain SYSTEM privileges, indicating how critical a patch for this vulnerability is.
Other Noteworthy Vulnerabilities
The patch also addressed several other critical issues:
CVE-2023-36413: Microsoft Office Security Feature Bypass
Rated at 6.5, this vulnerability can be exploited by social engineering to bypass Microsoft Office’s security features. If a user is convinced to open a maliciously crafted Office file, it can execute without warning, bypassing protections such as Protected View.
“Consistent updates and user awareness are crucial in mitigating such vulnerabilities,” said security experts Eduardo Braun Prado and Will Dormann, who disclosed the flaw.
CVE-2023-36439: Microsoft Exchange Server Remote Code Execution
This RCE vulnerability scored 8.0 CVSSv3 and affects the Microsoft Exchange Server. An authenticated user exploiting this flaw can execute code as SYSTEM, emphasizing the need for immediate patching following Microsoft’s guidelines.
Historical Context and Continued Threats
Revisiting similar vulnerabilities from previous patches, we can observe Microsoft’s ongoing battle with persistent threats targeting its wide array of services. For example, the high-severity vulnerability CVE-2024-38080, concerning Windows Hyper-V, demonstrates how core system components remain at risk.
Exploitation of these vulnerabilities has real-world consequences, such as unauthorized privilege escalations and potential system hijackings.
Future Vigilance and Recommendations
Following each Patch Tuesday, it is prudent for IT administrators to prioritize updating their systems. Delaying updates, even slightly, can expose systems to significant risks, especially with active zero-day threats.
CISA similarly emphasizes the importance of immediate patching of known vulnerabilities to safeguard sensitive data and infrastructure.
Conclusion
Microsoft’s November 2023 security patch highlights the critical nature of staying vigilant and responsive to emerging cyber threats.
By addressing a broad spectrum of vulnerabilities, including complex zero-day exploits actively being targeted in the wild, Microsoft reinforces the importance of regular updates and comprehensive cybersecurity measures to protect against evolving attack vectors.
