Alert GCSA-23148 - Microsoft Monthly Security Update - November 2023
******************************************************************
Alert ID: GCSA-23148
date: 15 November 2023
title: Microsoft Monthly Security Update - November 2023
******************************************************************
:: Problem description
Microsoft has published its security update for November 2023;
this release fixes 63 vulnerabilities, 5 of which are
zero-days.
Microsoft reports that the following vulnerabilities
are being actively exploited:
CVE-2023-36025
Windows SmartScreen Security Feature Bypass Vulnerability
It allows a malicious internet shortcut to bypass security checks and warnings.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36025
CVE-2023-36033
Windows DWM Core Library Elevation of Privilege Vulnerability
It can be exploited to gain SYSTEM privileges.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033
CVE-2023-36036
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
It can be exploited to gain SYSTEM privileges.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36036
Microsoft has published a blog post with guidance on credentials
leaked to GitHub Actions logs through the Azure CLI.
https://msrc.microsoft.com/blog/2023/11/microsoft-guidance-regarding-credentials-leaked-to-github-actions-logs-through-azure-cli/
More details are available in the "References" section.
:: Affected software / technologies
Windows
Extended Security Updates (ESU)
Microsoft Edge (Chromium-based)
Microsoft Office
Exchange Server
Microsoft Dynamics
Developer Tools
SQL Server
Azure
Mariner
:: Impact
Information disclosure (ID)
Denial of Service (DoS)
Remote execution of arbitrary code (RCE)
Elevation of privilege (EoP)
Security feature bypass (SFB)
Provide Misleading Information (spoofing)
:: Solutions
In Windows, updates are installed
automatically by default.
To check manually for available updates, choose
Start > Settings > Update & Security > Windows Update
Verify that the most recent version of the
Servicing Stack Updates is installed
https://msrc.microsoft.com/update-guide/vulnerability/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates
MSRC Security Update Guide
https://msrc.microsoft.com/update-guide/deployments
Windows Update frequently asked questions
https://support.microsoft.com/en-us/help/12373/windows-update-faq
The updates are also available through WSUS and the
Microsoft Update Catalog
https://www.catalog.update.microsoft.com/
:: References
Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2023-Nov
https://msrc.microsoft.com/update-guide
Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
November 2023 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2023-exchange-server-security-updates/ba-p/3980209
CSIRT Italia
https://www.csirt.gov.it/contenuti/aggiornamenti-mensili-microsoft-al01-231115-csirt-ita
Center for Internet Security
https://www.cisecurity.org/advisory/critical-patches-issued-for-microsoft-products-november-14-2023_2023-132
BleepingComputer
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5032190-update-enables-moment-4-features-for-everyone/
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-critical-azure-cli-flaw-that-leaked-credentials-in-logs/
https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/
Krebs on Security
https://krebsonsecurity.com/2023/11/microsoft-patch-tuesday-november-2023-edition/
SANS Internet Storm Center
https://isc.sans.edu/diary/rss/30400
SecurityWeek
https://www.securityweek.com/microsoft-patches-sensitive-information-disclosure-vulnerability-in-azure-cli/
Mitre CVE
The CVE references are available in the original advisory.
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert