November's Patch Tuesday offers fixes for 58 vulnerabilities, a significantly lower figure than last month's 104. The vulnerabilities patched are shared between 4 critical and 54 important vulnerabilities with 3 publicly disclosed and exploited in the wild recorded.
This critical vulnerability allows an unauthenticated attacker to search and discover credentials contained in log files that have been stored in open-source repositories. An attacker that successfully exploits this vulnerability could recover plaintext passwords and usernames from log files created by the affected CLI commands and published by Azure DevOps and/or GitHub Actions. Customers who are affected by this flaw are advised to update their Azure CLI version to 2.53.1 or above.
An HMAC can be used to determine whether a message sent over an insecure channel has been tampered with, provided that the sender and receiver share a secret key. Successful exploitation requires the attacker to first have to log on to the system; from here, they can gain SYSTEM privileges by running a specially crafted application that could exploit the vulnerability and taking control of the affected system. If a successful attack was performed from a low-privilege Hyper-V guest, the attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.
This Microsoft Office security feature bypass vulnerability allows an attacker to send a PowerPoint document to their victim and allow it to be opened in editing mode rather than protected view. This could allow malicious macros to run without interference from the protected view feature. Successful exploitation requires the end user to interact and open the malicious file themselves; for this reason, the vulnerability is considered of important severity and not higher.
Windows SmartScreen functions as a security measure within Microsoft Windows operating systems, designed to safeguard against potential threats from malicious software and harmful websites. This important, actively exploited in-the-wild, vulnerability allows an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. Exploitation would require the victim to click on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file.
ASP.NET is a widely used web development framework for building web applications on the.NET platform. This publicly disclosed important vulnerability could be exploited if HTTP requests to .NET 8 RC 1 running on IIS InProcess hosting model are cancelled. Threads counts would increase and an OutOfMemoryException is possible. If successfully exploited this vulnerability might result in a total loss of availability.
Desktop Window Manager (DWM) is a core system file in Microsoft Windows. It is responsible for producing each component visible on a laptop or PC. If successfully exploited, this important, exploited in the wild, and publicly disclosed vulnerability has the potential to enable an attacker to obtain SYSTEM privileges.
For a full list of this month’s updates please see the links below:
Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2023-Nov
Security update guide: https://msrc.microsoft.com/update-guide/
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Ironshare is a provider of Information and Cyber Security services.