CVE-2023-36033: Windows DWM Core Library Elevation of Privilege Vulnerability
Published: 2023-11-14
Severity: high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2023-12-05
Exploited in the wild (ITW)
Affected
37 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.5122 | 10.0.17763.5122 |
| microsoft | windows_10_21h2 | < 10.0.19041.3693 | 10.0.19041.3693 |
| microsoft | windows_10_22h2 | < 10.0.19045.3693 | 10.0.19045.3693 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.5122 | 10.0.17763.5122 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.5122 | 10.0.17763.5122 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19043.3693 | 10.0.19043.3693 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3693 | 10.0.19045.3693 |
| microsoft | windows_11_21h2 | < 10.0.22000.2600 | 10.0.22000.2600 |
| microsoft | windows_11_22h2 | < 10.0.22621.2715 | 10.0.22621.2715 |
| microsoft | windows_11_23h2 | < 10.0.22621.2715 | 10.0.22621.2715 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2600 | 10.0.22000.2600 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.2715 | 10.0.22621.2715 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.2715 | 10.0.22631.2715 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.2715 | 10.0.22631.2715 |
| microsoft | windows_server_2019 | < 10.0.17763.5122 | 10.0.17763.5122 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.5122 | 10.0.17763.5122 |
| microsoft | windows_server_2022 | < 10.0.20348.2113 | 10.0.20348.2113 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2113 | 10.0.20348.2113 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.531 | 10.0.25398.531 |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_x64-based_systems | — | — |
CVSS provenance
nvd: v3.1, 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck: 7.8 HIGH
cisa: 7.8 HIGH
GHSA
GHSA-px3r-p5ph-hg48: Windows DWM Core Library Elevation of Privilege Vulnerability
ghsa_unreviewed·2023-11-14
CVE-2023-36033 [HIGH] CWE-119 GHSA-px3r-p5ph-hg48: Windows DWM Core Library Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
VulnCheck
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
vulncheck·2023·CVSS 7.8
CVE-2023-36033 [HIGH] CWE-822 Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
Affected: Microsoft Windows
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2023-Nov; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ti.qianxin.com/uploads/2024/02/02/dcc93e586f9028c68e7ab34c3326ff31.pdf; https://securelist.com/cve-2024-30051/112618/; https://securelist.com/it-thr
Project0
Project Zero RCA: CVE-2023-36033: Windows DWM Core Library Elevation of Privilege Vulnerability
project_zero·CVSS 7.8
CVE-2023-36033 [HIGH] Project Zero RCA: CVE-2023-36033: Windows DWM Core Library Elevation of Privilege Vulnerability
# CVE-2023-36033: Windows DWM Core Library Elevation of Privilege Vulnerability
*Genwei Jiang, FLARE OTF*
## The Basics
**Disclosure or Patch Date:** Nov 14, 2023
**Product:** Windows 10, Windows Server 2019/2022, Windows 11
**Advisory:** https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033
**Affected Versions:** pre Nov 14, 2023
**First Patched Version:** Nov 14, 2023
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** [Quan Jin (@jq0904)](https://twitter.com/jq0904) with [DBAPPSecurity WeBin Lab](https://www.dbappsecurity.com.cn/product/cloud250.html)
## The Code
**Proof-of-concept:** N/A
**Exploit sample:** [3a3feea7ededb728efce89a6d74a823d700e2fe9994bc8791e132bf548473e93](https://www.virustotal.com/gui/file/3a3feea7ededb
CISA
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
cisa·2023-11-14·CVSS 7.8
CVE-2023-36033 [HIGH] CWE-822 Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Vulnerability: Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Affected: Microsoft Windows
Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36033 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36033
Remediation Due Date: 2023-12-05
Microsoft
Windows DWM Core Library Elevation of Privilege Vulnerability
vendor_msrc·2023-11-14·CVSS 7.8
CVE-2023-36033 [HIGH] CWE-822 Windows DWM Core Library Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows DWM Core Library: Windows DWM Core Library
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:Yes;Exploited:Yes;Latest Software Release:Exploitation Detected
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032196
Reference: https://support.microsoft.com/help/5032196
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5032198
Reference: https://support.microsoft.com/help/5032198
Reference: https://catalog.update.micros
Oracle
Oracle Oracle GoldenGate Risk Matrix: Oracle GoldenGate Stream Analytics (jsoup) — CVE-2022-36033
vendor_oracle·2023-07-15·CVSS 6.1
CVE-2022-36033 [MEDIUM] Oracle Oracle GoldenGate Risk Matrix: Oracle GoldenGate Stream Analytics (jsoup) — CVE-2022-36033
Oracle Oracle GoldenGate Risk Matrix: Oracle GoldenGate Stream Analytics (jsoup) vulnerability
CVE: CVE-2022-36033
CVSS: 6.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2023 (JUL 2023)
Oracle
Oracle Oracle Construction and Engineering Risk Matrix: User Interface (jsoup) — CVE-2022-36033
vendor_oracle·2023-04-15·CVSS 6.1
CVE-2022-36033 [MEDIUM] Oracle Oracle Construction and Engineering Risk Matrix: User Interface (jsoup) — CVE-2022-36033
Oracle Oracle Construction and Engineering Risk Matrix: User Interface (jsoup) vulnerability
CVE: CVE-2022-36033
CVSS: 6.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
No detection rules found.
No public exploits indexed.
Securelist
Kaspersky report on APT trends in Q3 2024
blogs_securelist·2024-11-28
Kaspersky report on APT trends in Q3 2024
Table of Contents
- The most remarkable findings
- Chinese-speaking activity
- Europe
- Middle East
- Southeast Asia and Korean Peninsula
- Hacktivism
- Other interesting discoveries
- Final thoughts
Authors
- GReAT
Kaspersky’s Global Research and Analysis Team (GReAT) has been releasing quarterly summaries of advanced persistent threat (APT) activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we’ve published and discussed in more detail in our private APT reports. They are intended to highlight the significant events and findings that we think are important for people to know about. This is our latest roundup, covering activity we observed during Q3 2024.
If you’d like to learn more about our intellige
Securelist
APT trends report Q3 2024
blogs_securelist·2024-11-28
APT trends report Q3 2024
Table of Contents
- The most remarkable findings
- Chinese-speaking activity
- Europe
- Middle East
- Southeast Asia and Korean Peninsula
- Hacktivism
- Other interesting discoveries
- Final thoughts
Authors
- GReAT
Kaspersky’s Global Research and Analysis Team (GReAT) has been releasing quarterly summaries of advanced persistent threat (APT) activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we’ve published and discussed in more detail in our private APT reports. They are intended to highlight the significant events and findings that we think are important for people to know about. This is our latest roundup, covering activity we observed during Q3 2024.
If you’d like to learn more about our intelligence reports
Securelist
IT threat evolution Q2 2024
blogs_securelist·2024-09-03
IT threat evolution Q2 2024
Table of Contents
- Targeted attacks
  - XZ backdoor: a supply chain attack in the making
  - Timeline of events
  - DuneQuixote campaign targeting the Middle East
  - ToddyCat: punching holes in your infrastructure
- Other malware
  - QakBot attacks with Windows zero-day
  - Using the LockBit builder to generate targeted ransomware
  - Stealers, stealers and more stealers
  - ShrinkLocker: turning BitLocker into a ransomware utility
Authors
- David Emm
## Targeted attacks
## XZ backdoor: a supply chain attack in the making
On March 29, a message on the Openwall oss-security mailing list announced the discovery of a backdoor in XZ, a compression utility included in many popular Linux distributions. The backdoored library is used by the OpenSSH server process sshd. On a number of systemd-based distributions, in
Securelist
Malware report for Q2 2024 — a quarterly review
blogs_securelist·2024-09-03
Malware report for Q2 2024 — a quarterly review
Table of Contents
- Targeted attacks
- Other malware
Authors
- David Emm
## Targeted attacks
### XZ backdoor: a supply chain attack in the making
On March 29, a message on the Openwall oss-security mailing list announced the discovery of a backdoor in XZ, a compression utility included in many popular Linux distributions. The backdoored library is used by the OpenSSH server process sshd. On a number of systemd-based distributions, including Ubuntu, Debian and RedHat/Fedora Linux, OpenSSH is patched to use systemd features and is therefore dependent on the library (Arch Linux and Gentoo are not affected). The code was inserted in February and March 2024, mostly by Jia Cheong Tan – probably a fictitious identity. We suspect that the goal of the attack was to introduce exclusive remote
Bleepingcomputer
Microsoft fixes Windows zero-day exploited in QakBot malware attacks
blogs_bleepingcomputer·2024-05-14·CVSS 7.8
CVE-2023-36033 [HIGH] Microsoft fixes Windows zero-day exploited in QakBot malware attacks
## Microsoft fixes Windows zero-day exploited in QakBot malware attacks
## Sergiu Gatlan
Kaspersky security researchers discovered the vulnerability while investigating another Windows DWM Core Library privilege escalation bug tracked as CVE-2023-36033 and also exploited as a zero-day in attacks.
While combing through data related to recent exploits and associated attacks, they stumbled upon an intriguing file uploaded to VirusTotal on April 1, 2024. The file's names hinted that it contained details on a Windows vulnerability.
As they discovered, the file provided information (in broken English) regarding a Windows Desktop Window Manager (DWM) vulnerability that could be exploited to escalate privileges to SYSTEM, with the outlined exploitation processing perfectly mirroring the one us
Securelist
QakBot attacks with Windows zero-day (CVE-2024-30051)
blogs_securelist·2024-05-14·CVSS 7.8
CVE-2023-36033 [HIGH] QakBot attacks with Windows zero-day (CVE-2024-30051)
Authors
Boris Larin
Mert Degirmenci
In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, we found a curious document uploaded to VirusTotal on April 1, 2024. This document caught our attention because it had a rather descriptive file name, which indicated that it contained information about a vulnerability in Windows OS. Inside we found a brief description of a Windows Desktop Window Manager (DWM) vulnerability and how it could be exploited to gain system privileges, everything written in very broken English. The exploitation process described in this docum
Tenable
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
blogs_tenable·2024-05-14·CVSS 8.8
[HIGH] Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
Securelist
QakBot attacks with Windows zero-day (CVE-2024-30051)
blogs_securelist·2024-05-14·CVSS 7.8
CVE-2024-30051 [HIGH] QakBot attacks with Windows zero-day (CVE-2024-30051)
Authors
- Boris Larin
- Mert Degirmenci
In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, we found a curious document uploaded to VirusTotal on April 1, 2024. This document caught our attention because it had a rather descriptive file name, which indicated that it contained information about a vulnerability in Windows OS. Inside we found a brief description of a Windows Desktop Window Manager (DWM) vulnerability and how it could be exploited to gain system privileges, everything written in very broken English. The exploitation process described in this doc
Talos
We all just need to agree that ad blockers are good
blogs_talos·2023-11-16
We all just need to agree that ad blockers are good
## We all just need to agree that ad blockers are good
I don’t think this is a particularly bold take — but I’m not afraid to say that ad blockers are good!
Ever since I started using one sometime in 2016, my experience of using the internet has improved exponentially. I can finally easily find a recipe for dinner on a random influencer’s blog, get a faster answer to “how to replace my car’s headlights” and likely avoid hundreds of pieces of malvertising.
But their use has increasingly come into question with YouTube’s new policies on preventing users from using ad blockers on its site, with new warnings saying the user has a certain number of videos they can watch before they must allowlist youtube.com in their ad blocker, thus allowing the site to display ads before YouTube videos.
Talos
We all just need to agree that ad blockers are good
blogs_talos·2023-11-16
We all just need to agree that ad blockers are good
I don’t think this is a particularly bold take — but I’m not afraid to say that ad blockers are good!
Ever since I started using one sometime in 2016, my experience of using the internet has improved exponentially. I can finally easily find a recipe for dinner on a random influencer’s blog, get a faster answer to “how to replace my car’s headlights” and likely avoid hundreds of pieces of malvertising.
But their use has increasingly come into question with YouTube’s new policies on preventing users from using ad blockers on its site, with new warnings saying the user has a certain number of videos they can watch before they must allowlist youtube.com in their ad blocker, thus allowing the site to display ads before YouTube videos.
The second this popped up for me two weeks ago, I immedia
Krebs
Microsoft Patch Tuesday, November 2023 Edition
blogs_krebs·2023-11-15·CVSS 8.8
CVE-2023-36025 [HIGH] Microsoft Patch Tuesday, November 2023 Edition
Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks.
The zero-day threats targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. SmartScreen is a built-in Windows component that tries to detect and block malicious websites and files. Microsoft’s security advisory for this flaw says attackers could exploit it by getting a Windows user to click on a booby-trapped link to a shortcut file.
Kevin Breen, senior director of threat research at Immersive Labs, said emails with .url attachments or logs with processes spa
Trendmicro
The November 2023 Security Update Review
blogs_trendmicro·2023-11-14·CVSS 8.8
[HIGH] The November 2023 Security Update Review
## The November 2023 Security Update Review
Get the November 2023 security update and review.
By: Zero Day Initiative 2023/11/14
It’s the penultimate second Tuesday of 2023, and Microsoft and Adobe have released their latest security patches into the crisp, fall air. Take a break from your scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | Yes | EoP |
| CVE-2023-36036 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP |
| CVE-2023-36025 | Windows SmartSc
Talos
Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days
blogs_talos·2023-11-14·CVSS 8.8
[HIGH] Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days
Microsoft’s monthly security update released Tuesday only includes three critical vulnerabilities, an unusually small number based on previous months’ Patch Tuesdays.
In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.” This is the fewest number of vulnerabilities Microsoft disclosed in a month since May.
However, there are three zero-day vulnerabilities included in November’s Patch Tuesday, and another three that have already been publicly disclosed.
CVE-2023-36033 is an elevation of privilege vulnerability in the Windows DWM Core Library that could allow an attacker to gain SYSTEM-level privileges. According to Microsoft, this vulnerability has already been exploited in the wild and there is proof-of-concept code av
Bleepingcomputer
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
blogs_bleepingcomputer·2023-11-14·CVSS 7.8
[HIGH] Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
## Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
## Lawrence Abrams
16 Elevation of Privilege Vulnerabilities
6 Security Feature Bypass Vulnerabilities
15 Remote Code Execution Vulnerabilities
6 Information Disclosure Vulnerabilities
5 Denial of Service Vulnerabilities
11 Spoofing Vulnerabilities
The total count of 58 flaws does not include 5 Mariner security updates and 20 Microsoft Edge security updates released earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5032190 cumulative update and Windows 10 KB5032189 cumulative update.
## Five zero-days fixed
This month's Patch Tuesday fixes five zero-day vulnerabilities, with three exploited in attacks and three publicl
Trendmicro
The November 2023 Security Update Review
blogs_trendmicro·2023-11-14
The November 2023 Security Update Review
# The November 2023 Security Update Review
Get the November 2023 security update and review.
By: Zero Day Initiative
2023/11/14
It’s the penultimate second Tuesday of 2023, and Microsoft and Adobe have released their latest security patches into the crisp, fall air. Take a break from your scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
Adobe Patches for November 2023
For November, Adobe released 14 bulletins addressing 76 CVEs in Adobe Acrobat and Reader, ColdFusion, Audition, Premiere Pro, After Effects, Media Encoder, Dimension, Animate, InCopy, InDesign, RoboHelp, FrameMaker Publishing Server, Bridge, and Photoshop. A total of 54 of these bugs
Qualys
November 2023 Patch Tuesday: MS and Adobe Remediation | Qualys
blogs_qualys·2023-11-14
November 2023 Patch Tuesday: MS and Adobe Remediation | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for November 2023
- Adobe Patches for November 2023
- Zero-day Vulnerabilities Patched in November Patch Tuesday Edition
- Other Critical Severity Vulnerabilities Patched in November Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
- Qualys Monthly Webinar Series
Microsoft released its second last Patch Tuesday edition of the year. We invite you to join us to review and discuss the details of these security updates and
Talos
Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days
blogs_talos·2023-11-14·CVSS 8.8
[HIGH] Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days
## Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days
Microsoft’s monthly security update released Tuesday only includes three critical vulnerabilities, an unusually small number based on previous months’ Patch Tuesdays.
In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.” This is the fewest number of vulnerabilities Microsoft disclosed in a month since May.
However, there are three zero-day vulnerabilities included in November’s Patch Tuesday, and another three that have already been publicly disclosed.
CVE-2023-36033 is an elevation of privilege vulnerability in the Windows DWM Core Library that could allow an attacker to gain SYSTEM-level privileges.
Krebs
Microsoft Patch Tuesday, November 2023 Edition
blogs_krebs·2023-11-14·CVSS 8.8
CVE-2023-36025 [HIGH] Microsoft Patch Tuesday, November 2023 Edition
Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks.
The zero-day threats targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. SmartScreen is a built-in Windows component that tries to detect and block malicious websites and files. Microsoft’s security advisory for this flaw says attackers could exploit it by getting a Windows user to click on a booby-trapped link to a shortcut file.
Kevin Breen, senior director of threat research at Immersive Labs, said emails with .url attachments or logs with processes
Qualys
Microsoft and Adobe Patch Tuesday, November 2023 Security Update Review
blogs_qualys·2023-11-14
Microsoft and Adobe Patch Tuesday, November 2023 Security Update Review
## Table of Contents
- Microsoft Patch Tuesday for November 2023
- Adobe Patches for November 2023
- Zero-day Vulnerabilities Patched in November Patch Tuesday Edition
- Other Critical Severity Vulnerabilities Patched in November Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
- Qualys Monthly Webinar Series
Microsoft released its second last Patch Tuesday edition of the year. We invite you to join us to review and discuss the details of these security updates and patches.
## M
Trendmicro
The November 2023 Security Update Review
blogs_trendmicro·2023-11-14·CVSS 8.8
[HIGH] The November 2023 Security Update Review
## The November 2023 Security Update Review
Get the November 2023 security update and review.
By: Zero Day Initiative Nov 14, 2023
It’s the penultimate second Tuesday of 2023, and Microsoft and Adobe have released their latest security patches into the crisp, fall air. Take a break from your scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | Yes | EoP |
| CVE-2023-36036 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP |
| CVE-2023-36025 | Windows Smart
Tenable
Microsoft’s November 2023 Patch Tuesday Addresses 57 CVEs (CVE-2023-36025)
blogs_tenable·2023-11-14·CVSS 8.8
[HIGH] Microsoft’s November 2023 Patch Tuesday Addresses 57 CVEs (CVE-2023-36025)
Zscaler
Zscaler found Windows Security Vulnerabilities | 11-14-2023
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found Windows Security Vulnerabilities | 11-14-2023
Crowdstrike
November Patch Tuesday 2023: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] November Patch Tuesday 2023: Updates and Analysis
2023-11-14: Published
2023-11-14: Added to CISA KEV
Exploited in the wild