Microsoft’s November 2023 Patch Tuesday Updates Fix 63 Windows Flaws
Microsoft released the November 2023 Patch Tuesday Updates for all supported versions of Windows 11 and Windows 10. This month, Microsoft addressed a total of 63 vulnerabilities, including three that are actively being exploited by threat actors.
3 Critical vulnerabilities addressed in the November 2023 Patch Tuesday updates
Specifically, Microsoft released security patches to fix three Critical flaws in its November 2023 Patch Tuesday updates. In addition, 56 more vulnerabilities are rated “Important,” and four are rated “Moderate” in severity. You can find more details about all of them below:
- CVE-2023-36025: This security bypass flaw allows hackers to bypass security checks in Windows Defender SmartScreen. This means that the warnings would not appear when a Windows user attempts to open a malicious website or a potentially harmful file or application. It’s possible to exploit the vulnerability without any user interaction.
- CVE-2023-36033: This is a privilege escalation vulnerability in the Windows Desktop Manager (WDM) Core Library. It’s relatively easy to exploit and could enable hackers to gain system-level privileges on vulnerable systems. The security flaw is currently being exploited by hackers, and the method of exploitation is publicly known.
- CVE-2023-3606: This is another privilege escalation flaw in the Windows Cloud Files Mini Filter Driver. The driver is used to manage cloud-based files and it’s installed by default on almost all Windows systems. The vulnerability affects all supported versions of Windows and Windows Server.
- CVE-2023-36038: This denial-of-service vulnerability affects ASP.NET Core which could lead to total loss of availability. It impacts .NET 8.0, ASP.NET Core 8.0, as well as Visual Studio 2022 versions 17.7, 17.6, 17.4 and 17.2.
- CVE-2023-36413: This is a security feature bypass flaw in Microsoft Office, which can be exploited if a threat actor convinces the victim to open a malicious document.
Critical Severity Bugs
For November Patch Tuesday, Microsoft prioritized patches for three critical vulnerabilities listed below:
- CVE-2023-36397: This is a remote code execution (RCE) in Windows Pragmatic General Multicast protocol that is used to transport multicast data.
- CVE-2023-36052: It’s an information disclosure vulnerability in the Azure Command Line Interface REST Command.
- CVE-2023-36400: This is an elevation of privileges flaw in the Windows HMAC Key Derivation feature.
Here’s the full list of CVEs released by Microsoft with the November 2023 Patch Tuesday updates:
| Product | Impact | Max Severity | Article | Download | Details |
| Microsoft .NET Framework 3.5.1 | Security Feature Bypass | Important | 5032341 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 3.5.1 | Security Feature Bypass | Important | 5032185 | Security Only | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 | Security Feature Bypass | Important | 5032343 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 | Security Feature Bypass | Important | 5032342 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 3.0 Service Pack 2 | Security Feature Bypass | Important | 5032344 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 3.0 Service Pack 2 | Security Feature Bypass | Important | 5032186 | Security Only | CVE-2023-36560 |
| Microsoft .NET Framework 2.0 Service Pack 2 | Security Feature Bypass | Important | 5032344 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 2.0 Service Pack 2 | Security Feature Bypass | Important | 5032186 | Security Only | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.6/4.6.2 | Security Feature Bypass | Important | 5032199 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 4.6.2 | Security Feature Bypass | Important | 5032344 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 4.6.2 | Security Feature Bypass | Important | 5032186 | Security Only | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Security Feature Bypass | Important | 5032339 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Security Feature Bypass | Important | 5032007 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Security Feature Bypass | Important | 5032338 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Security Feature Bypass | Important | 5032340 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Security Feature Bypass | Important | 5032336 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Security Feature Bypass | Important | 5032343 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Security Feature Bypass | Important | 5032342 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Security Feature Bypass | Important | 5032341 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Security Feature Bypass | Important | 5032185 | Security Only | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 | Security Feature Bypass | Important | 5032197 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Security Feature Bypass | Important | 5032337 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8 | Security Feature Bypass | Important | 5032339 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8 | Security Feature Bypass | Important | 5032338 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8 | Security Feature Bypass | Important | 5032340 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8 | Security Feature Bypass | Important | 5032336 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8 | Security Feature Bypass | Important | 5032337 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 4.8 | Security Feature Bypass | Important | 5032343 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 4.8 | Security Feature Bypass | Important | 5032342 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 4.8 | Security Feature Bypass | Important | 5032341 | Monthly Rollup | CVE-2023-36560 |
| Microsoft .NET Framework 4.8 | Security Feature Bypass | Important | 5032185 | Security Only | CVE-2023-36560 |
| Microsoft .NET Framework 4.8 | Security Feature Bypass | Important | 5031989 | Security Update | CVE-2023-36560 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Elevation of Privilege | Important | 5032004 | Security Update | CVE-2023-36049 |
| Windows 11 Version 23H2 for x64-based Systems | Remote Code Execution | Important | 5032190 | Security Update | CVE-2023-36017 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | Remote Code Execution | Important | 5032202 | Security Update | CVE-2023-36017 |
| Windows 11 Version 23H2 for ARM64-based Systems | Remote Code Execution | Important | 5032190 | Security Update | CVE-2023-36017 |
| Microsoft Dynamics 365 (on-premises) version 9.0 | Spoofing | Important | 5032298 | Security Update | CVE-2023-36030 |
| .NET 7.0 | Elevation of Privilege | Important | 5032884 | Security Update | CVE-2023-36049 |
| .NET 6.0 | Elevation of Privilege | Important | 5032883 | Security Update | CVE-2023-36049 |
| ASP.NET Core 8.0 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2023-36558 |
| ASP.NET Core 7.0 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2023-36558 |
| Windows Server 2012 R2 (Server Core installation) | Security Feature Bypass | Important | 5032249 | Monthly Rollup | CVE-2023-36025 |
| Windows Server 2012 R2 | Security Feature Bypass | Important | 5032249 | Monthly Rollup | CVE-2023-36025 |
| Windows Server 2012 (Server Core installation) | Security Feature Bypass | Important | 5032247 | Monthly Rollup | CVE-2023-36025 |
| Windows Server 2012 | Security Feature Bypass | Important | 5032247 | Monthly Rollup | CVE-2023-36025 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Security Feature Bypass | Important | 5032252 | Monthly Rollup | CVE-2023-36025 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Security Feature Bypass | Important | 5032250 | Security Only | CVE-2023-36025 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Security Feature Bypass | Important | 5032252 | Monthly Rollup | CVE-2023-36025 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Security Feature Bypass | Important | 5032250 | Security Only | CVE-2023-36025 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Security Feature Bypass | Important | 5032254 | Monthly Rollup | CVE-2023-36025 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Security Feature Bypass | Important | 5032248 | Security Only | CVE-2023-36025 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Security Feature Bypass | Important | 5032254 | Monthly Rollup | CVE-2023-36025 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Security Feature Bypass | Important | 5032248 | Security Only | CVE-2023-36025 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Security Feature Bypass | Important | 5032254 | Monthly Rollup | CVE-2023-36025 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Security Feature Bypass | Important | 5032248 | Security Only | CVE-2023-36025 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Security Feature Bypass | Important | 5032254 | Monthly Rollup | CVE-2023-36025 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Security Feature Bypass | Important | 5032248 | Security Only | CVE-2023-36025 |
| Windows Server 2016 (Server Core installation) | Security Feature Bypass | Important | 5032197 | Security Update | CVE-2023-36025 |
| Windows Server 2016 | Security Feature Bypass | Important | 5032197 | Security Update | CVE-2023-36025 |
| Windows 10 Version 1607 for x64-based Systems | Security Feature Bypass | Important | 5032197 | Security Update | CVE-2023-36025 |
| Windows 10 Version 1607 for 32-bit Systems | Security Feature Bypass | Important | 5032197 | Security Update | CVE-2023-36025 |
| Windows 10 for x64-based Systems | Security Feature Bypass | Important | 5032199 | Security Update | CVE-2023-36025 |
| Windows 10 for 32-bit Systems | Security Feature Bypass | Important | 5032199 | Security Update | CVE-2023-36025 |
| Windows 10 Version 22H2 for 32-bit Systems | Security Feature Bypass | Important | 5032189 | Security Update | CVE-2023-36025 |
| Windows 10 Version 22H2 for ARM64-based Systems | Security Feature Bypass | Important | 5032189 | Security Update | CVE-2023-36025 |
| Windows 10 Version 22H2 for x64-based Systems | Security Feature Bypass | Important | 5032189 | Security Update | CVE-2023-36025 |
| Windows 11 Version 22H2 for x64-based Systems | Security Feature Bypass | Important | 5032190 | Security Update | CVE-2023-36025 |
| Windows 11 Version 22H2 for ARM64-based Systems | Security Feature Bypass | Important | 5032190 | Security Update | CVE-2023-36025 |
| Windows 10 Version 21H2 for x64-based Systems | Security Feature Bypass | Important | 5032189 | Security Update | CVE-2023-36025 |
| Windows 10 Version 21H2 for ARM64-based Systems | Security Feature Bypass | Important | 5032189 | Security Update | CVE-2023-36025 |
| Windows 10 Version 21H2 for 32-bit Systems | Security Feature Bypass | Important | 5032189 | Security Update | CVE-2023-36025 |
| Windows 11 version 21H2 for ARM64-based Systems | Security Feature Bypass | Important | 5032192 | Security Update | CVE-2023-36025 |
| Windows 11 version 21H2 for x64-based Systems | Security Feature Bypass | Important | 5032192 | Security Update | CVE-2023-36025 |
| Windows Server 2022 (Server Core installation) | Security Feature Bypass | Important | 5032198 | Security Update | CVE-2023-36025 |
| Windows Server 2022 | Security Feature Bypass | Important | 5032198 | Security Update | CVE-2023-36025 |
| Windows Server 2019 (Server Core installation) | Security Feature Bypass | Important | 5032196 | Security Update | CVE-2023-36025 |
| Windows Server 2019 | Security Feature Bypass | Important | 5032196 | Security Update | CVE-2023-36025 |
| Windows 10 Version 1809 for ARM64-based Systems | Security Feature Bypass | Important | 5032196 | Security Update | CVE-2023-36025 |
| Windows 10 Version 1809 for x64-based Systems | Security Feature Bypass | Important | 5032196 | Security Update | CVE-2023-36025 |
| Windows 10 Version 1809 for 32-bit Systems | Security Feature Bypass | Important | 5032196 | Security Update | CVE-2023-36025 |
| az logicapp config appsettings set | Information Disclosure | Critical | Release Notes | Security Update | CVE-2023-36052 |
| az logicapp config appsettings delete | Information Disclosure | Critical | Release Notes | Security Update | CVE-2023-36052 |
| az webapp config appsettings set | Information Disclosure | Critical | Release Notes | Security Update | CVE-2023-36052 |
| az webapp config appsettings delete | Information Disclosure | Critical | Release Notes | Security Update | CVE-2023-36052 |
| az functionapp config appsettings delete | Information Disclosure | Critical | Release Notes | Security Update | CVE-2023-36052 |
| az staticwebapp appsettings delete | Information Disclosure | Critical | Release Notes | Security Update | CVE-2023-36052 |
| az functionapp config appsettings set | Information Disclosure | Critical | Release Notes | Security Update | CVE-2023-36052 |
| az staticwebapp appsettings set | Information Disclosure | Critical | Release Notes | Security Update | CVE-2023-36052 |
| Host Integration Server 2020 | Remote Code Execution | Important | 5032921 | Security Update | CVE-2023-38151 |
| Microsoft Exchange Server 2019 Cumulative Update 13 | Spoofing | Important | 5032146 | Security Update | CVE-2023-36035 |
| Microsoft Exchange Server 2019 Cumulative Update 12 | Spoofing | Important | 5032146 | Security Update | CVE-2023-36035 |
| Microsoft Exchange Server 2016 Cumulative Update 23 | Spoofing | Important | 5032147 | Security Update | CVE-2023-36035 |
| Microsoft Dynamics 365 (on-premises) version 9.1 | Spoofing | Important | 5032297 | Security Update | CVE-2023-36031 |
| Microsoft Excel 2016 (64-bit edition) | Security Feature Bypass | Important | 5002518 | Security Update | CVE-2023-36037 |
| Microsoft Excel 2016 (32-bit edition) | Security Feature Bypass | Important | 5002518 | Security Update | CVE-2023-36037 |
| Microsoft Office LTSC 2021 for 32-bit editions | Security Feature Bypass | Important | Click to Run | Security Update | CVE-2023-36037 |
| Microsoft Office LTSC 2021 for 64-bit editions | Security Feature Bypass | Important | Click to Run | Security Update | CVE-2023-36037 |
| Microsoft Office LTSC for Mac 2021 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2023-36037 |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Security Feature Bypass | Important | Click to Run | Security Update | CVE-2023-36037 |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Security Feature Bypass | Important | Click to Run | Security Update | CVE-2023-36037 |
| Microsoft Office 2019 for 64-bit editions | Security Feature Bypass | Important | Click to Run | Security Update | CVE-2023-36037 |
| Microsoft Office 2019 for 32-bit editions | Security Feature Bypass | Important | Click to Run | Security Update | CVE-2023-36037 |
| Microsoft Visual Studio 2022 version 17.4 | Denial of Service | Important | Release Notes | Security Update | CVE-2023-36042 |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Denial of Service | Important | Release Notes | Security Update | CVE-2023-36042 |
| Microsoft Visual Studio 2022 version 17.2 | Denial of Service | Important | Release Notes | Security Update | CVE-2023-36042 |
| Microsoft Office 2016 (64-bit edition) | Security Feature Bypass | Important | 5002521 | Security Update | CVE-2023-36413 |
| Microsoft Office 2016 (32-bit edition) | Security Feature Bypass | Important | 5002521 | Security Update | CVE-2023-36413 |
| Microsoft Visual Studio 2022 version 17.7 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2023-36558 |
| Microsoft Visual Studio 2022 version 17.6 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2023-36558 |
| Send Customer Voice survey from Dynamics 365 app | Spoofing | Important | Release Notes | Security Update | CVE-2023-36007 |
| .NET 8.0 | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2023-36049 |
| Jupyter Extension for Visual Studio Code | Spoofing | Important | Release Notes | Security Update | CVE-2023-36018 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 5032191 | IE Cumulative | CVE-2023-36017 |
| Windows Server 2012 R2 | Remote Code Execution | Important | 5032191 | IE Cumulative | CVE-2023-36017 |
| Windows Server 2012 (Server Core installation) | Remote Code Execution | Important | 5032191 | IE Cumulative | CVE-2023-36017 |
| Windows Server 2012 | Remote Code Execution | Important | 5032191 | IE Cumulative | CVE-2023-36017 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Important | 5032191 | IE Cumulative | CVE-2023-36017 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Important | 5032191 | IE Cumulative | CVE-2023-36017 |
| On-Prem Data Gateway | Security Feature Bypass | Important | Download Guidance | Security Update | CVE-2023-36021 |
| Microsoft OLE DB Provider for DB2 V7 | Remote Code Execution | Important | 5032921 | Security Update | CVE-2023-38151 |
| System Center Operations Manager (SCOM) 2016 | Information Disclosure | Important | Release Notes | Security Update | CVE-2023-36043 |
| System Center Operations Manager (SCOM) 2019 | Information Disclosure | Important | Release Notes | Security Update | CVE-2023-36043 |
| System Center Operations Manager (SCOM) 2022 | Information Disclosure | Important | Release Notes | Security Update | CVE-2023-36043 |
| Azure Pipelines Agent | Remote Code Execution | Important | Pull Request | Security Update | CVE-2023-36437 |
| Windows Defender Antimalware Platform | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2023-36422 |
| ASP.NET Core 6.0 | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2023-36558 |
| Microsoft SharePoint Server Subscription Edition | Remote Code Execution | Important | 5002527 | Security Update | CVE-2023-38177 |
| Microsoft SharePoint Server 2019 | Remote Code Execution | Important | 5002526 | Security Update | CVE-2023-38177 |
| Microsoft SharePoint Enterprise Server 2016 | Remote Code Execution | Important | 5002517 | Security Update | CVE-2023-38177 |
Quality and experience updates
On the quality and experience updates front, Windows 11 version 22H2 is getting all the new features announced by Microsoft on September 26. The KB5032190 update includes Windows Copilot, an updated volume mixer, a modernized File Explorer, a new Windows Backup app, the Never Combine mode for the taskbar, and more.
In addition, Microsoft has released the KB5032189 update for users running versions 22H2 and 21H2 of Windows 10. This release doesn’t include any new features, but it brings bug fixes for various issues affecting the overall experience of the operating system. Microsoft has addressed issues related to touchscreens, Outlook, Windows Defender Application Control (WDAC), memory leaks, and more.
Microsoft celebrates 20 years of Windows Patch Tuesday
Microsoft has reiterated its commitment to improving the quality and transparency of the Windows patching process as it celebrates 20 years of Patch Tuesday. Microsoft released its first security update for the operating system in October 2003. The company continues investing in AI technologies and resources to protect users against security threats.
“Releasing monthly Windows updates of the highest quality remains critical. Our commitment to improving and evolving Windows patch quality informs efforts and commitment towards quick detection of issues, rapid mitigations, clear and prescriptive communications, and continued learning and improvements,” said John Cable, Vice President of Program Management, Windows Servicing and Delivery.
Windows Update testing and best practices
It’s highly recommended that organizations planning to install the November 2023 Patch Tuesday updates should conduct thorough system testing before deploying them within production environments. However, IT admins shouldn’t delay the deployment of these patches for too long, as threat actors may attempt to exploit new critical vulnerabilities.
Commercial customers should follow the best practice of backing up their systems before deploying the patches on Windows machines. Many users face issues with Windows updates every month, which can cause hardware or application compatibility and booting issues or even result in data loss.
Fortunately, Windows and Windows Server have built-in backup tools that can be used to restore the systems if a particular update causes any problems. The Windows backup features allow users to restore the entire system or select files and folders, providing more control over the restoration process.