November's Patch Tuesday Cooks Up 75 Vulnerabilities and 1 Zero-Day

Boom! And just like that, November's Patch Tuesday has rolled around again. While this Patch Tuesday is less of a heavy hitter than last month's, we still have one Zero-Day and 75 vulnerabilities.

But rest easy – if NASA can apply patches to Voyager 1 and Voyager 2 (which are over 12 billion miles away) you can survive this Patch Tuesday. (Automox does recommend if you have endpoints that have been in service since 1977 and are still located on Earth to maaaybe double-check your patch policy.)

Also, be sure to check out our first-ever Patch [FIX] Tuesday podcast (available here, or wherever you get your podcasts)!

Here's a quick look into how this Patch Tuesday stacks up:

Windows SmartScreen Security Feature Bypass Vulnerability - [Important]

CVE-2023-36025 is a zero-day vulnerability. 

This vulnerability allows an attacker to bypass the security feature of Windows Defender SmartScreen. This is a significant concern as SmartScreen is designed to provide an additional layer of protection against phishing sites and malware downloads.

This means that for an attacker to successfully exploit this vulnerability, the user must interact with a malicious file or website by clicking on a link in an email or downloading a file from an untrusted source.

Threat actors thrive on scenarios that let them bypass security measures. They find it even more appealing when they can exploit security mechanisms to carry out malicious activities, appearing normal to the system and avoiding scrutiny.

To mitigate this risk, be sure to educate users about the importance of caution when clicking on links or downloading files. It is also recommended to keep Windows Defender SmartScreen enabled and updated, as Microsoft has released a patch for this vulnerability. This is one that administrators should prioritize fixing. – Jason Kikta, Automox CISO

Windows HMAC Key Derivation Elevation of Privilege Vulnerability - [Important]

CVE-2023-36400 is a Hyper-V breakout vulnerability and has a base score of 8.8. This type of vulnerability would allow an attacker, even one with relatively low privilege within a Hyper-V guest environment, to bypass the security boundary of the guest environment and execute code directly on the Hyper-V host. 

Essentially, the attacker could break out of the virtual machine and access the underlying host system. The implications of such a vulnerability are grave, especially considering the scale on which virtualization platforms like Hyper-V are used within enterprise environments.

By exploiting this vulnerability, an attacker could gain SYSTEM privileges, the highest level of access, on the Hyper-V host. First, an attacker would have to log on to the system and then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The mitigation strategy for such threats should include diligent patch management, careful monitoring of Hyper-V guests, and adherence to the principle of least privilege. Virtual machines are part of many organizations' daily workflows now. If you utilize VMs in your environment, pay special attention to this vulnerability. – Tom Bowyer, Director of Security

Microsoft Windows Defender Elevation of Privilege Vulnerability - [Important]

The next critical vulnerability to focus on is a privilege escalation vulnerability in Microsoft Windows Defender. Identified as CVE-2023-36422, this vulnerability is rated with a CVSS base score of 7.8 but still has potentially severe implications.

As a result of exploiting this vulnerability, an attacker could gain SYSTEM privileges, the most elevated level of access on a Windows device, causing a high-security concern. The most effective mitigation strategy against such a threat is applying the available patches promptly and ensuring they are up-to-date. Regular updates to your security software are critical in maintaining a robust defense against such security threats. – Jason Kikta, Automox CISO, SVP of Product