Shulou(Shulou.com)11/24 Report--

CTOnews.com, Nov. 20, Microsoft announced that more than 60 security vulnerabilities have been fixed in Patch Tuesday in November this year, including five zero-day vulnerabilities, three of which are said to have been exploited by hackers.

CTOnews.com found that this month's zero-day vulnerabilities are classified as "important" vulnerabilities, including CVE-2023-36033 involving Windows DWM Core Library, CVE-2023-36036 related to Windows Cloud Files Mini Filter Driver, and CVE-2023-36025 that can bypass Windows SmartScreen security features.

In Windows DWM Core Library, the full name of DWM is Desktop Window Manager, and its main function is to build the graphical user interface of Windows through hardware acceleration. However, Microsoft did not release details about the CVE-2023-36033 vulnerability, saying only that a successful attack would allow hackers to gain system privileges.

CVE-2023-36036, which affects Windows Cloud Files Mini Filter Driver, is also a permission vulnerability, in which "Windows Cloud Files Mini Filter Driver" is the default feature of Windows and is specifically used to manage cloud files, and a vulnerability in this feature allows hackers to obtain system permissions directly.

In addition, the CVE-2023-36025 vulnerability allows hackers to invade a user's device by bypassing the checks and prompts of the Windows security tool SmartScreen and causing the user to click on a URL file / hyperlink.

In addition to the above three vulnerabilities that have been exploited by hackers, Microsoft also introduced two zero-day vulnerabilities that have been made public but not yet exploited, namely CVE-2023-36038, which is a service vulnerability of ASP.NET Core, and CVE-2023-36413, which is used to bypass the security features of Microsoft Office.

In addition to zero-day vulnerabilities, three security vulnerabilities were classified as "significant" this month, namely CVE-2023-36052, CVE-2023-36400 and CVE-2023-36397.

Among them, CVE-2023-36052 is an information disclosure vulnerability of Azure CLI REST Command. A hacker who successfully exploits this vulnerability will be able to recover records created by specific CLI commands and find plaintext passwords and user names in log files published by Azure DevOps or GitHub Actions. This means that hackers can obtain user credential information through log files stored in the open source library. Microsoft recommends that affected users upgrade Azure CLI to 2.53.1 or later.

CVE-2023-36400 is a privilege extension vulnerability of Windows HMAC keys, and a successful attack would allow hackers to run malicious programs with low privileges in the Hyper-V Host environment.

CVE-2023-36397 is a remote execution vulnerability in a Windows multicast protocol called Pragmatic General Multicast (PGM), with a CVSS risk score of 9.8, making it the riskiest security vulnerability fixed by Microsoft this month.

Microsoft claims that when the Windows message queuing service operates in a PGM server environment, hackers can remotely execute malicious programs by sending a specific file over the network, and allow victims to actively trigger malicious code.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.