HomeVulnerabilityMicrosoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day

Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day

At the moment is Microsoft’s December 2023 Patch Tuesday, which incorporates security updates for a complete of 34 flaws and one beforehand disclosed, unpatched vulnerability in AMD CPUs.

Whereas eight distant code execution (RCE) bugs have been mounted, Microsoft solely rated three as vital. In complete, there have been 4 vital vulnerabilities, with one in Energy Platform (Spoofing), two in Web Connection Sharing (RCE), and one in Home windows MSHTML Platform (RCE).

The variety of bugs in every vulnerability class is listed under:

  • 10 Elevation of Privilege Vulnerabilities
  • 8 Distant Code Execution Vulnerabilities
  • 6 Data Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 5 Spoofing Vulnerabilities

The whole depend of 34 flaws doesn’t embody 8 Microsoft Edge flaws mounted on December seventh.

To study extra concerning the non-security updates launched in the present day, you’ll be able to overview our devoted articles on the brand new Home windows 11 KB5033375 cumulative replace and Home windows 10 KB5033372 cumulative replace.

One publicly disclosed zero-day mounted

This month’s Patch Tuesday fixes one AMD zero-day vulnerability disclosed in August that beforehand remained unpatched.

The ‘CVE-2023-20588 – AMD: CVE-2023-20588 AMD Speculative Leaks‘ vulnerability is a division-by-zero bug in particular AMD processors that would probably return delicate knowledge.

The flaw was disclosed in August 2023, with AMD not offering any fixes apart from recommending the next mitigation.

“For affected merchandise, AMD recommends following software program growth finest practices,” reads an AMD bulletin on CVE-2023-20588.

“Builders can mitigate this subject by guaranteeing that no privileged knowledge is utilized in division operations previous to altering privilege boundaries. AMD believes that the potential impression of this vulnerability is low as a result of it requires native entry. “

See also  Azure Service Tags tagged as security danger, Microsoft disagrees

As a part of in the present day’s December Patch Tuesday updates, Microsoft has launched a security replace that resolves this bug in impacted AMD processors.

Latest updates from different firms

Different distributors who launched updates or advisories in December 2023 embody:

The December 2023 Patch Tuesday Safety Updates

Under is the whole checklist of resolved vulnerabilities within the December 2023 Patch Tuesday updates.

To entry the complete description of every vulnerability and the methods it impacts, you’ll be able to view the complete report right here.

Tag CVE ID CVE Title Severity
Azure Related Machine Agent CVE-2023-35624 Azure Related Machine Agent Elevation of Privilege Vulnerability Necessary
Azure Machine Studying CVE-2023-35625 Azure Machine Studying Compute Occasion for SDK Customers Data Disclosure Vulnerability Necessary
Chipsets CVE-2023-20588 AMD: CVE-2023-20588 AMD Speculative Leaks Safety Discover Necessary
Microsoft Bluetooth Driver CVE-2023-35634 Home windows Bluetooth Driver Distant Code Execution Vulnerability Necessary
Microsoft Dynamics CVE-2023-35621 Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability Necessary
Microsoft Dynamics CVE-2023-36020 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Necessary
Microsoft Edge (Chromium-based) CVE-2023-35618 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Average
Microsoft Edge (Chromium-based) CVE-2023-36880 Microsoft Edge (Chromium-based) Data Disclosure Vulnerability Low
Microsoft Edge (Chromium-based) CVE-2023-38174 Microsoft Edge (Chromium-based) Data Disclosure Vulnerability Low
Microsoft Edge (Chromium-based) CVE-2023-6509 Chromium: CVE-2023-6509 Use after free in Aspect Panel Search Unknown
Microsoft Edge (Chromium-based) CVE-2023-6512 Chromium: CVE-2023-6512 Inappropriate implementation in Net Browser UI Unknown
Microsoft Edge (Chromium-based) CVE-2023-6508 Chromium: CVE-2023-6508 Use after free in Media Stream Unknown
Microsoft Edge (Chromium-based) CVE-2023-6511 Chromium: CVE-2023-6511 Inappropriate implementation in Autofill Unknown
Microsoft Edge (Chromium-based) CVE-2023-6510 Chromium: CVE-2023-6510 Use after free in Media Seize Unknown
Microsoft Workplace Outlook CVE-2023-35636 Microsoft Outlook Data Disclosure Vulnerability Necessary
Microsoft Workplace Outlook CVE-2023-35619 Microsoft Outlook for Mac Spoofing Vulnerability Necessary
Microsoft Workplace Phrase CVE-2023-36009 Microsoft Phrase Data Disclosure Vulnerability Necessary
Microsoft Energy Platform Connector CVE-2023-36019 Microsoft Energy Platform Connector Spoofing Vulnerability Crucial
Microsoft WDAC OLE DB supplier for SQL CVE-2023-36006 Microsoft WDAC OLE DB supplier for SQL Server Distant Code Execution Vulnerability Necessary
Microsoft Home windows DNS CVE-2023-35622 Home windows DNS Spoofing Vulnerability Necessary
Home windows Cloud Information Mini Filter Driver CVE-2023-36696 Home windows Cloud Information Mini Filter Driver Elevation of Privilege Vulnerability Necessary
Home windows Defender CVE-2023-36010 Microsoft Defender Denial of Service Vulnerability Necessary
Home windows DHCP Server CVE-2023-35643 DHCP Server Service Data Disclosure Vulnerability Necessary
Home windows DHCP Server CVE-2023-35638 DHCP Server Service Denial of Service Vulnerability Necessary
Home windows DHCP Server CVE-2023-36012 DHCP Server Service Data Disclosure Vulnerability Necessary
Home windows DPAPI (Data Safety Software Programming Interface) CVE-2023-36004 Home windows DPAPI (Data Safety Software Programming Interface) Spoofing Vulnerability Necessary
Home windows Web Connection Sharing (ICS) CVE-2023-35642 Web Connection Sharing (ICS) Denial of Service Vulnerability Necessary
Home windows Web Connection Sharing (ICS) CVE-2023-35630 Web Connection Sharing (ICS) Distant Code Execution Vulnerability Crucial
Home windows Web Connection Sharing (ICS) CVE-2023-35632 Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability Necessary
Home windows Web Connection Sharing (ICS) CVE-2023-35641 Web Connection Sharing (ICS) Distant Code Execution Vulnerability Crucial
Home windows Kernel CVE-2023-35633 Home windows Kernel Elevation of Privilege Vulnerability Necessary
Home windows Kernel CVE-2023-35635 Home windows Kernel Denial of Service Vulnerability Necessary
Home windows Kernel-Mode Drivers CVE-2023-35644 Home windows Sysmain Service Elevation of Privilege Necessary
Home windows Native Safety Authority Subsystem Service (LSASS) CVE-2023-36391 Native Safety Authority Subsystem Service Elevation of Privilege Vulnerability Necessary
Home windows Media CVE-2023-21740 Home windows Media Distant Code Execution Vulnerability Necessary
Home windows MSHTML Platform CVE-2023-35628 Home windows MSHTML Platform Distant Code Execution Vulnerability Crucial
Home windows ODBC Driver CVE-2023-35639 Microsoft ODBC Driver Distant Code Execution Vulnerability Necessary
Home windows Telephony Server CVE-2023-36005 Home windows Telephony Server Elevation of Privilege Vulnerability Necessary
Home windows USB Mass Storage Class Driver CVE-2023-35629 Microsoft USBHUB 3.0 System Driver Distant Code Execution Vulnerability Necessary
Home windows Win32K CVE-2023-36011 Win32k Elevation of Privilege Vulnerability Necessary
Home windows Win32K CVE-2023-35631 Win32k Elevation of Privilege Vulnerability Necessary
XAML Diagnostics CVE-2023-36003 XAML Diagnostics Elevation of Privilege Vulnerability Necessary
See also  The Weak Hyperlink in Organizational SaaS Safety
- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular