Microsoft November 2023 Security Updates

November 2023 Security Updates
This release consists of the following 63 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Microsoft Dynamics CVE-2023-36007
Microsoft Edge (Chromium-based) CVE-2023-36014
Microsoft Dynamics CVE-2023-36016
Windows Scripting CVE-2023-36017
Visual Studio Code CVE-2023-36018
Azure CVE-2023-36021
Microsoft Edge (Chromium-based) CVE-2023-36022
Microsoft Edge (Chromium-based) CVE-2023-36024
Windows SmartScreen CVE-2023-36025
Microsoft Edge (Chromium-based) CVE-2023-36027
Windows Protected EAP (PEAP) CVE-2023-36028
Microsoft Edge (Chromium-based) CVE-2023-36029
Microsoft Dynamics 365 Sales CVE-2023-36030
Microsoft Dynamics CVE-2023-36031
Windows DWM Core Library CVE-2023-36033
Microsoft Edge (Chromium-based) CVE-2023-36034
Microsoft Exchange Server CVE-2023-36035
Windows Cloud Files Mini Filter Driver CVE-2023-36036
Microsoft Office Excel CVE-2023-36037
ASP.NET CVE-2023-36038
Microsoft Exchange Server CVE-2023-36039
Microsoft Office Excel CVE-2023-36041
Visual Studio CVE-2023-36042
Open Management Infrastructure CVE-2023-36043
Microsoft Office CVE-2023-36045
Windows Authentication Methods CVE-2023-36046
Windows Authentication Methods CVE-2023-36047
.NET Framework CVE-2023-36049
Microsoft Exchange Server CVE-2023-36050
Azure CVE-2023-36052
Windows DHCP Server CVE-2023-36392
Tablet Windows User Interface CVE-2023-36393
Microsoft Windows Search Component CVE-2023-36394
Windows Deployment Services CVE-2023-36395
Windows Compressed Folder CVE-2023-36396
Windows Internet Connection Sharing (ICS) CVE-2023-36397
Windows NTFS CVE-2023-36398
Windows Storage CVE-2023-36399
Windows HMAC Key Derivation CVE-2023-36400
Microsoft Remote Registry Service CVE-2023-36401
Microsoft WDAC OLE DB provider for SQL CVE-2023-36402
Windows Kernel CVE-2023-36403
Windows Kernel CVE-2023-36404
Windows Kernel CVE-2023-36405
Windows Hyper-V CVE-2023-36406
Windows Hyper-V CVE-2023-36407
Windows Hyper-V CVE-2023-36408
Microsoft Dynamics CVE-2023-36410
Microsoft Office CVE-2023-36413
Windows Defender CVE-2023-36422
Microsoft Remote Registry Service CVE-2023-36423
Windows Common Log File System Driver CVE-2023-36424
Windows Distributed File System (DFS) CVE-2023-36425
Windows Hyper-V CVE-2023-36427
Windows Authentication Methods CVE-2023-36428
Azure DevOps CVE-2023-36437
Microsoft Exchange Server CVE-2023-36439
ASP.NET CVE-2023-36558
ASP.NET CVE-2023-36560
Windows Installer CVE-2023-36705
Microsoft Windows Speech CVE-2023-36719
Azure CVE-2023-38151
Microsoft Office SharePoint CVE-2023-38177

We are republishing 15 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
Mitre Microsoft Bluetooth Driver CVE-2023-24023
Chrome Microsoft Edge (Chromium-based) CVE-2023-5480
Chrome Microsoft Edge (Chromium-based) CVE-2023-5482
Chrome Microsoft Edge (Chromium-based) CVE-2023-5849
Chrome Microsoft Edge (Chromium-based) CVE-2023-5850
Chrome Microsoft Edge (Chromium-based) CVE-2023-5851
Chrome Microsoft Edge (Chromium-based) CVE-2023-5852
Chrome Microsoft Edge (Chromium-based) CVE-2023-5853
Chrome Microsoft Edge (Chromium-based) CVE-2023-5854
Chrome Microsoft Edge (Chromium-based) CVE-2023-5855
Chrome Microsoft Edge (Chromium-based) CVE-2023-5856
Chrome Microsoft Edge (Chromium-based) CVE-2023-5857
Chrome Microsoft Edge (Chromium-based) CVE-2023-5858
Chrome Microsoft Edge (Chromium-based) CVE-2023-5859
Chrome Microsoft Edge (Chromium-based) CVE-2023-5996

Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5032189 Windows 10, version 21H2, Windows 10, version 22H2
5032190 Windows 11, version 22H2
5032192 Windows 11, version 21H2
5032196 Windows 10, version 1809, Windows Server 2019
5032248 Windows Server 2008 (Security-only update)
5032250 Windows Server 2008 R2 (Security-only update)
5032252 Windows Server 2008 R2 (Monthly Rollup)
5032254 Windows Server 2008 (Monthly Rollup)
Released: Nov 14, 2023
November 2023 Security Updates - Release Notes - Security Update Guide - Microsoft