We are now in the third decade of Microsoft’s monthly Patch Tuesday releases, which deliver fewer critical updates to browsers and Windows platforms — and much more reliable updates to Microsoft Office — than in the early days of patching. But this month, the company rolled out 63 updates (including fixes for three zero-days in Windows and Office).
Updates to Microsoft Exchange and Visual Studio can be included in standard patch release cycles, while Adobe needs to be included in your “Patch Now” releases for third-party applications.
The team at Readiness has provided a detailed infographic that outlines the risks associated with each of the updates for November.
Known issues
Microsoft publishes a list of known issues that relate to the operating system and platforms are included in each update. This month, that list includes:
File Explorer will crash after KB5031354 is uninstalled on Win11 22H2 platforms. Still Active.
Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error. As of now, Microsoft is still working on a resolution.
In Skype for Business 2019 and 2015, the Debug-CsIntraPoolReplication cmdlet fails if you use the ConnectionUri parameter during a remote PowerShell session created by using an OcsPowerShell endpoint.
If you’re lucky enough to receive access to Microsoft’s Windows AI Copilot this month, you might experience a display issue with your desktop icons unexpectedly moving from one display to another — and then moving back to the original display. Don’t worry, there is no ghost in the machine. Oh, wait….
Major revisions
At this point, Microsoft has published three major revisions that require attention for this cycle, including:
CVE-2023-36008: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2023-36026: Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-6112: Chromium: CVE-2023-6112 Use after free in Navigation
All of these revisions were for informational purposes only, and do not require additional action.
Mitigations and workarounds
Microsoft published the following vulnerability-related mitigations for this Patch Tuesday release:
CVE-2023-38151: Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability. Microsoft has advised that the target system must have installed Microsoft OLE DB Provider for DB2 Server Version 7.0 to be vulnerable.
CVE-2023-36397: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. The Windows message queuing service, which is a Windows component, must be enabled for a system to be exploitable by this vulnerability. This feature can be verified via the Windows Control Panel.
CVE-2023-36028: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. PEAP)is only negotiated with the…
2023-11-19 18:41:02
Article from www.computerworld.com rnrn