{"id":50624,"date":"2023-11-20T10:58:46","date_gmt":"2023-11-20T10:58:46","guid":{"rendered":"https:\/\/www.n-able.com\/?p=50624"},"modified":"2023-11-20T11:02:35","modified_gmt":"2023-11-20T11:02:35","slug":"patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes","title":{"rendered":"Patch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities"},"content":{"rendered":"

November brings an uptick in online sales and digital marketing as the holiday season approaches. That means users clicking on more links and potentially being exposed to more phishing attacks than usual. Patch Tuesday for this November brings fixes for threats that leverage security bypass techniques and other vulnerabilities that will require user interaction to exploit. Getting a handle on these vulnerabilities by applying updates and improving end-user resiliency through cyber awareness training can help improve your chances of having happy holidays and not a case of the humbugs. <\/span><\/p>\n

Microsoft Vulnerabilities <\/span><\/h2>\n

Three of the five reported zero-day vulnerabilities this month have been detected being exploited in the wild. CVE-2023-36036<\/span><\/a>, CVE-2023-36033<\/span><\/a>, and CVE-2023-36025<\/span><\/a> are all under active exploitation and should get priority placement in your patching queues. Don\u2019t leave out the other two as of yet unexploited zero-days from your priority list though simply because there are no reports yet of their use. Once a fix for a zero-day is released it doesn\u2019t take long for security researchers and threat actors to begin reverse engineering exploits. Given time those zero-days are likely to also see abuse. <\/span><\/p>\n

Four of the Microsoft vulnerabilities addressed this month have also been added to the CISA\u2019s Known Exploited Vulnerabilities (KEV) Catalog<\/span><\/a>. CVE-2023-36584<\/span><\/a>, CVE-2023-36036<\/span><\/a>, CVE-023-36025<\/span><\/a>, and CVE-2023-36033<\/span><\/a> have due dates assigned of December 5<\/span>th<\/sup><\/span> and 7<\/span>th<\/sup><\/span> for appropriate remediation and mitigations to be applied. If you ever feel like you need an example of real-world guidance to impress upon clients the importance of timely patching, the CISA\u2019s KEV catalog is a great resource as it clearly details when a vulnerability was first reported and what date it should be addressed by.<\/span><\/p>\n

For on-premise Exchange admins, CVE-2023-36439<\/span><\/a>, CVE-2023-36050<\/span><\/a>, CVE-2023-36039<\/span><\/a><\/span>,<\/span> and CVE-2023-36035<\/span><\/a> should all receive your attention this month. They all carry CVSS 8.0 scores and are considered as Exploitation More Likely to occur. The good news is, it appears that these vulnerabilities can all be addressed by applying Microsoft Security Updates KB5032146<\/span><\/a> and KB5032147<\/span><\/a> for Exchange Server 2019 and 2016. <\/span><\/p>\n

Microsoft Patch Tuesday Vulnerability Prioritization<\/b><\/span><\/h2>\n

Addressing vulnerabilities effectively requires a mix of adhering to established best practices and leveraging informed judgment. While it\u2019s a natural instinct to rank vulnerabilities with critical severity ratings higher on the list of things that need to be addressed, relying on severity ratings alone can be limiting. An often-overlooked component is temporal metrics, which provide a measure of the window of vulnerability\u2014the time from initial vulnerability discovery to the availability and application of the patch. This is essential as the longer a vulnerability exists without a fix, the greater the potential for exploitation. By integrating temporal metrics into the risk evaluation process, organizations can gain a more comprehensive understanding of the threat landscape and potential attack vectors, ensuring that they don\u2019t leave themselves open to unnecessary risks.<\/span><\/p>\n

Table Key:\u00a0<\/b>Severity:\u00a0C = Critical, I = Important, M = Moderate, R = Re-issue;\u00a0Status: EML = Exploitation More Likely, ELL = Exploitation Less Likely, ED = Exploitation Detected,\u00a0N\/A = Not Available<\/span><\/em><\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n

CVE Number<\/span><\/strong><\/p>\n<\/td>\n

\n

CVE Title<\/span><\/strong><\/p>\n<\/td>\n

\n

Severity<\/span><\/strong><\/p>\n<\/td>\n

\n

Status<\/span><\/strong><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36036<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

ED<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36033<\/a><\/span><\/p>\n<\/td>\n

\n

Windows DWM Core Library Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

ED<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36025<\/a><\/span><\/p>\n<\/td>\n

\n

Windows SmartScreen Security Feature Bypass Vulnerability<\/span><\/p>\n<\/td>\n

\n

ED<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36796<\/a><\/span><\/p>\n<\/td>\n

\n

Visual Studio Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

ELL<\/span><\/p>\n<\/td>\n

\n

C<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36793<\/a><\/span><\/p>\n<\/td>\n

\n

Visual Studio Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

ELL<\/span><\/p>\n<\/td>\n

\n

C<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36792<\/a><\/span><\/p>\n<\/td>\n

\n

Visual Studio Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

ELL<\/span><\/p>\n<\/td>\n

\n

C<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36400<\/a><\/span><\/p>\n<\/td>\n

\n

Windows HMAC Key Derivation Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

ELL<\/span><\/p>\n<\/td>\n

\n

C<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36397<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

ELL<\/span><\/p>\n<\/td>\n

\n

C<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36052<\/a><\/span><\/p>\n<\/td>\n

\n

Azure CLI REST Command Information Disclosure Vulnerability<\/span><\/p>\n<\/td>\n

\n

ELL<\/span><\/p>\n<\/td>\n

\n

C<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36043<\/a><\/span><\/p>\n<\/td>\n

\n

Open Management Infrastructure Information Disclosure Vulnerability<\/span><\/p>\n<\/td>\n

\n

ELL<\/span><\/p>\n<\/td>\n

\n

C<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-38177<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft SharePoint Server Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

EML<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36439<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft Exchange Server Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n

\n

EML<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36424<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

EML<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36413<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft Office Security Feature Bypass Vulnerability<\/span><\/p>\n<\/td>\n

\n

EML<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36399<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Storage Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

EML<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36394<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Search Service Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n

\n

EML<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36050<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft Exchange Server Spoofing Vulnerability<\/span><\/p>\n<\/td>\n

\n

EML<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36039<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft Exchange Server Spoofing Vulnerability<\/span><\/p>\n<\/td>\n

\n

EML<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36035<\/a><\/span><\/p>\n<\/td>\n

\n

Microsoft Exchange Server Spoofing Vulnerability<\/span><\/p>\n<\/td>\n

\n

EML<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

CVE-2023-36017<\/a><\/span><\/p>\n<\/td>\n

\n

Windows Scripting Engine Memory Corruption Vulnerability<\/span><\/p>\n<\/td>\n

\n

EML<\/span><\/p>\n<\/td>\n

\n

I<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

As always make sure you have established patching processes for evaluation, testing and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity consider including prioritization of patches for Zero-Days, Exploitation Detected and Exploitation More Likely vulnerabilities in your\u00a0Patch Management<\/span><\/a>\u00a0routines.<\/span><\/p>\n

Looking for more blogs on patching, or looking for previous Microsoft Patch Tuesday Reviews, then check out\u00a0<\/b>this section of our blog<\/b><\/span><\/a>.<\/b>\u00a0<\/span><\/p>\n

Lewis Pope is the Head Security Nerd at N‑able. You can follow him on Twitter:\u00a0@cybersec_nerd<\/span><\/a><\/span><\/p>\n

LinkedIn:\u00a0thesecuritypope<\/span><\/a><\/span><\/p>\n

Twitch:\u00a0cybersec_nerd<\/span><\/a><\/span><\/p>\n

\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

This month sees a total of five zero-day vulnerabilities reported, with three under active exploitation, plus there\u2019s work for Exchange admins. \u00a0Lewis Pope investigates.<\/p>\n","protected":false},"author":62,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-50624","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-patch-management","topic-security"],"acf":[],"yoast_head":"\nPatch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities - N-able<\/title>\n<meta name=\"description\" content=\"November has five reported zero-day vulnerabilities, with three under active exploitation, plus there\u2019s work for Exchange admins. Find out more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Patch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities - N-able\" \/>\n<meta property=\"og:description\" content=\"November has five reported zero-day vulnerabilities, with three under active exploitation, plus there\u2019s work for Exchange admins. Find out more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-20T10:58:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-20T11:02:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2022\/08\/220809_blogbanner_PatchTuesday_ss-01.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2500\" \/>\n\t<meta property=\"og:image:height\" content=\"1309\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Lewis Pope\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lewis Pope\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes\"},\"author\":{\"name\":\"Lewis Pope\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\"},\"headline\":\"Patch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities\",\"datePublished\":\"2023-11-20T10:58:46+00:00\",\"dateModified\":\"2023-11-20T11:02:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes\"},\"wordCount\":835,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"articleSection\":[\"Head Nerds\",\"Patch Management\",\"Security\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes\",\"url\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes\",\"name\":\"Patch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#website\"},\"datePublished\":\"2023-11-20T10:58:46+00:00\",\"dateModified\":\"2023-11-20T11:02:35+00:00\",\"description\":\"November has five reported zero-day vulnerabilities, with three under active exploitation, plus there\u2019s work for Exchange admins. Find out more.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Head Nerds\",\"item\":\"https:\/\/www.n-able.com\/it\/blog\/category\/head-nerds-it\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Patch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/it\/#website\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\",\"name\":\"Lewis Pope\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"caption\":\"Lewis Pope\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Patch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities - N-able","description":"November has five reported zero-day vulnerabilities, with three under active exploitation, plus there\u2019s work for Exchange admins. Find out more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes","og_locale":"it_IT","og_type":"article","og_title":"Patch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities - N-able","og_description":"November has five reported zero-day vulnerabilities, with three under active exploitation, plus there\u2019s work for Exchange admins. Find out more.","og_url":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2023-11-20T10:58:46+00:00","article_modified_time":"2023-11-20T11:02:35+00:00","og_image":[{"width":2500,"height":1309,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2022\/08\/220809_blogbanner_PatchTuesday_ss-01.png","type":"image\/png"}],"author":"Lewis Pope","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Scritto da":"Lewis Pope","Tempo di lettura stimato":"4 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes"},"author":{"name":"Lewis Pope","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae"},"headline":"Patch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities","datePublished":"2023-11-20T10:58:46+00:00","dateModified":"2023-11-20T11:02:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes"},"wordCount":835,"publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"articleSection":["Head Nerds","Patch Management","Security"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes","url":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes","name":"Patch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/#website"},"datePublished":"2023-11-20T10:58:46+00:00","dateModified":"2023-11-20T11:02:35+00:00","description":"November has five reported zero-day vulnerabilities, with three under active exploitation, plus there\u2019s work for Exchange admins. Find out more.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-november-2023-three-zero-days-under-exploit-and-easy-exchange-vulnerability-fixes#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Head Nerds","item":"https:\/\/www.n-able.com\/it\/blog\/category\/head-nerds-it"},{"@type":"ListItem","position":2,"name":"Patch Tuesday November 2023: Three Zero-Days Under Exploit and Easy Fixes for Exchange Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/it\/#website","url":"https:\/\/www.n-able.com\/it\/","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/it\/#organization","name":"N-able","url":"https:\/\/www.n-able.com\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae","name":"Lewis Pope","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","caption":"Lewis Pope"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/50624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/comments?post=50624"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/50624\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/media?parent=50624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}