Patchday November 2023: Microsoft closes over 60 security vulnerabilities
Contents
Every second Tuesday of the current month, Microsoft holds its Patchday. This now 20-year-old tradition provides updates for all Microsoft programs and applications. The main aim is to close security gaps. The November 2023 Patchday brought numerous updates that eliminate over 60 risks. Including some bugs classified as "critical".
What the November 2023 patchday brought
The patches that Microsoft released on Patchday November 2023 mainly relate to Windows 10 and 11, but updates for Windows Server 2016, Azure, Edge, Visual Studio and other applications are also included in Patchday November 2023.
The most important patches close dangerous security risks that have been classified as "critical" and therefore pose a higher risk of cyberattacks. These include the following:
- There was a vulnerability in the Desktop Windows Manager Core Library that allowed attackers to gain system-level privileges without user interaction. This bug has been fixed for Windows 10, Windows 11, Windows Server 2016 and newer servers.
- The Cloud Files Mini Filter Driver had a similar problem. With a CVSS value - (Common Vulnerability Scoring System) an algorithm for classifying the risk of security vulnerabilities using a scale - this vulnerability received a 7.8 out of 10. Here too, Microsoft provided patches for Windows 10 and Windows 11, as well as for all Windows servers from the 2008 edition onwards.
- A security vulnerability in SmartScreen was given a CVSS score of 8.8 out of 10. This bug allowed attackers to completely bypass the SmartScreen security function. The November 2023 patchday also provided a remedy for all affected Windows versions and server editions.
- Almost at the bottom of the CVSS scale is a vulnerability in Windows Pragmatic General Multicast. This bug scored a full 9.8 points on the risk bar. The security hole allowed hackers to inject malicious code into the system and execute it. However, only systems running Windows Message Queuing in a PGM server environment were affected. Nevertheless, the November 2023 patchday naturally provided a solution to this problem.
In addition, Microsoft Patchday 2023 also provided bug fixes and patches for over 60 other minor and major problems and risks.
Features and corrections in the November 2023 patchday
Patchday is not just about eliminating security risks in Microsoft's programs and applications. It also provides updates for features and improvements for applications that serve user-friendliness.
In the November 2023 patchday, this includes a long-requested bug fix for touchscreen operation under Windows 10. As soon as a second display or a secondary monitor was connected, the touchscreen used to cause problems. With the patchday package KB50322189, this problem should be history from now on.
Microsoft plans to release further updates and features gradually. Installation takes place via the automatic system updates, which you should ideally carry out immediately. But don't forget to create a backup beforehand in case something goes wrong during installation (which is unfortunately not uncommon).
Use Microsoft applications securely with skill it
Although Microsoft goes to great lengths to close all security gaps in its systems and applications with the monthly patch day, there are always vulnerabilities. Hackers are resourceful and are constantly coming up with new methods to circumvent protective measures.
You can learn how to use Microsoft applications securely in ourMicrosoft Security, Compliance, and Identity Fundamentals training , for example. Familiarize yourself with the basic security and protection options. Or build on your existing knowledge in our four-day Microsoft Cybersecurity Architect course, in which you develop a complete security strategy based on practical exercises. This way, you'll also be prepared for incidents that the November 2023 patchday overlooked.
