On 2023-11-14, Microsoft rolled out its latest PatchTuesday update, addressing 63 security vulnerabilities across its product range, including a significant zero-day in the Windows desktop OS. This update underscores the need for immediate patching across affected systems.
Critical Vulnerabilities and Updates
The November release notably includes a zero-day vulnerability in the Windows desktop platform, necessitating an immediate 'Patch Now' strategy. Additionally, PowerShell has updates to fix an elevation-of-privilege issue, while ASP.NET's security feature bypass severity rating increased to CVSS 3.1 score of 10.0.
- Microsoft SQL Server received one update.
- PowerShell 7.4/7.5 offers new downloads for fixing privilege escalation.
- Immediate update required for WSUS due to remote code execution (RCE) vulnerabilities.
Service and Testing Recommendations
With updates affecting network stack and remote access services, testing is crucial. Focus on IPv4/IPv6 packet transmission, Remote Desktop connections, and VPN diagnostics. Ensuring smooth Bluetooth connectivity and Teams performance is also advised.
- Test smart card authentication and Desktop Window Manager for responsiveness.
- Ensure IPv4/IPv6 dual-stack pathways operate without disruption.
- Validate VPN, RASMAN, and RRAS diagnostics.
Product-Specific Changes
Critical updates span several product families. Edge browser received important fixes, while Windows updates targeted DirectX, GDI core, SmartCard, Hyper-V, and storage components. Microsoft Office and Visual Studio also saw critical updates, although there were no Adobe or third-party updates this round.
- Windows 11 23H2 Home and Pro support has ended; Enterprise support persists until 2029-10-09.
- Exchange requires SQL Server restart after update.
- No third-party updates included this month.
