Patch Tuesday: 5 zero-day vulnerabilities, 3 critical CVEs

Microsoft released its monthly security updates on November 14, 2023. The updates fixed five zero-day vulnerabilities that were known to be exploited in the wild. Among them, three were classified as Critical, 19 were linked to potential remote code execution, and 18 addressed vulnerabilities that could lead to privilege elevation. 

Let’s take a closer look at the most interesting updates for this month. 

Notable Critical Microsoft Vulnerabilities

 ⭕ Windows HMAC Key Derivation Elevation of Privilege Vulnerability

• CVE-2023-36400 is targeting HMAC (Hash-based Message Authentication Code) which is designed to check the integrity of messages transmitted over non-secure channels, utilizing secret keys known only by the sender and receiver. To exploit this vulnerability an attacker would need to access the system and execute a tailored application. If the attack is successful, it could grant SYSTEM-level privileges to the attacker.  

⭕ Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

• CVE-2023-36397 is targeting the Pragmatic General Multicast (PGM) protocol which is used for multicast transmissions suitable for transferring files to multiple receivers. PGM ensures the reliable delivery of packet sequences to multiple recipients at the same time. In a scenario where the Windows Message Queuing is operational within a PGM server, the vulnerability can allow an attacker to carry out remote code execution and attempt to run a malicious code.

November's Patch Tuesday Addressing Zero-day Flaws targeting operating systems. 

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 

• CVE-2023-36036 is targeting the mini filter driver which can filter IRP-based I/O operations as well as fast I/O and file system filter (FSFilter) callback operations. For each of the I/O operations it chooses to filter, a minifilter can register a preoperation callback routine, a postoperation callback routine, or both. If this vulnerability is exploited effectively, it could enable an attacker to achieve SYSTEM-level privileges.
• The vulnerability has been listed in CISA’s Known Exploited Vulnerabilities Catalog and users are requested to patch it before December 12, 2023.
  

Windows DWM Core Library Elevation of Privilege Vulnerability 

• CVE-2023-36033 is targeting the Desktop Window Manager (DWM) which is an integral system component in Microsoft Windows, tasked with rendering all visual elements on a laptop or desktop computer. DWM handles various visual effects including system animations, wallpapers, themes, thumbnails, and features like Windows Aero, Windows Flip, and Windows Flip3D, in addition to managing transparency in interface elements. If an attacker successfully exploits this vulnerability, they could potentially gain SYSTEM-level privileges. 
• This vulnerability has been listed in CISA’s Known Exploited Vulnerabilities Catalog and users are requested to patch it before December 12, 2023.
  

Windows SmartScreen Security Feature Bypass Vulnerability 

• CVE-2023-36025 is targeting Windows SmartScreen which is a feature in Microsoft Windows designed to provide protection from harmful software and websites. Operating in the background, SmartScreen uses a cloud-based system to continuously scan and evaluate the security of web pages accessed by users. 
• For an attacker to exploit this particular vulnerability, they must persuade a user to click on a specially created Internet Shortcut (.URL) file or a hyperlink that leads to such a file. If the attack is successful, it could allow the attacker to circumvent Windows Defender SmartScreen's checks and related warnings. 
• This vulnerability has been listed in CISA’s Known Exploited Vulnerabilities Catalog and users are requested to patch it before December 12, 2023.

‍

Runecast protects you against all of these vulnerabilities

Runecast covers all 31 of the vulnerabilities that affect Windows operating systems, all mentioned below:

At Runecast we ensure that all OS vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safe and secure. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.

Runecast is an AI-powered platform that gives you complete visibility and proactive control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, and security and continuous compliance audits to ensure that every aspect of your environment is protected. 

Additionally, Runecast provides explicit instructions and generates custom remediation scripts, to help IT teams maintain continuous compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Kubernetes, and VMware environments and can operate entirely on-premises or via our new SaaS offering.

‍