Microsoft has announced the security updates for November 2023.
November 2023 Security Updates
This release consists of the following 63 Microsoft CVEs:
Tag CVE Base Score Exploitability Microsoft Dynamics CVE-2023-36007 7.6 Exploitation Less Likely Microsoft Edge (Chromium-based) CVE-2023-36014 7.3 Exploitation Less Likely Microsoft Dynamics CVE-2023-36016 6.2 Exploitation Less Likely Windows Scripting CVE-2023-36017 8.8 Exploitation More Likely Visual Studio Code CVE-2023-36018 7.8 Exploitation Less Likely Azure CVE-2023-36021 8.0 Exploitation Less Likely Microsoft Edge (Chromium-based) CVE-2023-36022 6.6 Exploitation Less Likely Microsoft Edge (Chromium-based) CVE-2023-36024 7.1 Exploitation Less Likely Windows SmartScreen CVE-2023-36025 8.8 Exploitation Detected Microsoft Edge (Chromium-based) CVE-2023-36027 7.1 Exploitation Less Likely Windows Protected EAP (PEAP) CVE-2023-36028 9.8 Exploitation Less Likely Microsoft Edge (Chromium-based) CVE-2023-36029 4.3 Exploitation Less Likely Microsoft Dynamics 365 Sales CVE-2023-36030 6.1 Exploitation Less Likely Microsoft Dynamics CVE-2023-36031 7.6 Exploitation Less Likely Windows DWM Core Library CVE-2023-36033 7.8 Exploitation Detected Microsoft Edge (Chromium-based) CVE-2023-36034 7.3 Exploitation Less Likely Microsoft Exchange Server CVE-2023-36035 8.0 Exploitation More Likely Windows Cloud Files Mini Filter Driver CVE-2023-36036 7.8 Exploitation Detected Microsoft Office Excel CVE-2023-36037 7.8 Exploitation Less Likely ASP.NET CVE-2023-36038 8.2 Exploitation Less Likely Microsoft Exchange Server CVE-2023-36039 8.0 Exploitation More Likely Microsoft Office Excel CVE-2023-36041 7.8 Exploitation Less Likely Visual Studio CVE-2023-36042 6.2 Exploitation Less Likely Open Management Infrastructure CVE-2023-36043 6.5 Exploitation Less Likely Microsoft Office CVE-2023-36045 7.8 Exploitation Less Likely Windows Authentication Methods CVE-2023-36046 7.1 Exploitation Less Likely Windows Authentication Methods CVE-2023-36047 7.8 Exploitation Less Likely .NET Framework CVE-2023-36049 7.6 Exploitation Less Likely Microsoft Exchange Server CVE-2023-36050 8.0 Exploitation More Likely Azure CVE-2023-36052 8.6 Exploitation Less Likely Windows DHCP Server CVE-2023-36392 7.5 Exploitation Less Likely Tablet Windows User Interface CVE-2023-36393 7.8 Exploitation Less Likely Microsoft Windows Search Component CVE-2023-36394 7.0 Exploitation More Likely Windows Deployment Services CVE-2023-36395 7.5 Exploitation Less Likely Windows Compressed Folder CVE-2023-36396 7.8 Exploitation Less Likely Windows Internet Connection Sharing (ICS) CVE-2023-36397 9.8 Exploitation Less Likely Windows NTFS CVE-2023-36398 6.5 Exploitation Less Likely Windows Storage CVE-2023-36399 7.1 Exploitation More Likely Windows HMAC Key Derivation CVE-2023-36400 8.8 Exploitation Less Likely Microsoft Remote Registry Service CVE-2023-36401 7.2 Exploitation Less Likely Microsoft WDAC OLE DB provider for SQL CVE-2023-36402 8.8 Exploitation Less Likely Windows Kernel CVE-2023-36403 7.0 Exploitation Less Likely Windows Kernel CVE-2023-36404 5.5 Exploitation Less Likely Windows Kernel CVE-2023-36405 7.0 Exploitation Less Likely Windows Hyper-V CVE-2023-36406 5.5 Exploitation Less Likely Windows Hyper-V CVE-2023-36407 7.8 Exploitation Less Likely Windows Hyper-V CVE-2023-36408 7.8 Exploitation Less Likely Microsoft Dynamics CVE-2023-36410 7.6 Exploitation Less Likely Microsoft Office CVE-2023-36413 6.5 Exploitation More Likely Windows Defender CVE-2023-36422 7.8 Exploitation Less Likely Microsoft Remote Registry Service CVE-2023-36423 7.2 Exploitation Less Likely Windows Common Log File System Driver CVE-2023-36424 7.8 Exploitation More Likely Windows Distributed File System (DFS) CVE-2023-36425 8.0 Exploitation Less Likely Windows Hyper-V CVE-2023-36427 7.0 Exploitation Less Likely Windows Authentication Methods CVE-2023-36428 5.5 Exploitation Less Likely Azure DevOps CVE-2023-36437 8.8 Exploitation Less Likely Microsoft Exchange Server CVE-2023-36439 8.0 Exploitation More Likely ASP.NET CVE-2023-36558 6.2 Exploitation Less Likely ASP.NET CVE-2023-36560 8.8 Exploitation Less Likely Windows Installer CVE-2023-36705 7.8 Exploitation Less Likely Microsoft Windows Speech CVE-2023-36719 8.4 Exploitation Less Likely Azure CVE-2023-38151 8.8 Exploitation Less Likely Microsoft Office SharePoint CVE-2023-38177 6.1 Exploitation More Likely We are republishing 15 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations? Mitre Microsoft Bluetooth Driver CVE-2023-24023 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5480 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5482 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5849 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5850 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5851 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5852 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5853 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5854 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5855 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5856 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5857 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5858 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5859 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-5996 Yes No No Security Update Guide Blog Posts
Date Blog Post January 11, 2022 Coming Soon: New Security Update Guide Notification System February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners December 8, 2020 Security Update Guide: Let’s keep the conversation going November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide Relevant Resources
- The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.
For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).
KB Article Applies To 5032189 Windows 10, version 21H2, Windows 10, version 22H2 5032190 Windows 11, version 22H2 5032192 Windows 11, version 21H2 5032196 Windows 10, version 1809, Windows Server 2019 5032248 Windows Server 2008 (Security-only update) 5032250 Windows Server 2008 R2 (Security-only update) 5032252 Windows Server 2008 R2 (Monthly Rollup) 5032254 Windows Server 2008 (Monthly Rollup)
