Microsoft December 2023 Patch Tuesday update Fixes 34 Security Flaws
Today Microsoft fixed at least 68 security vulnerabilities in its product portfolio. Here are Details on Microsoft's security updates in November's Patch Tuesday
Today is the second Tuesday of December 2023, and Microsoft has released its latest security updates. These updates address 34 vulnerabilities across various Microsoft products. Among them, Four are considered critical because they can allow attackers to gain higher privileges, execute remote code, or engage in spoofing activities, and the remaining 30 are classified as important. In this month’s update, Microsoft has also fixed one previously disclosed zero-day (CVE-2023-20588), a vulnerability affecting Advanced Micro Devices (AMD) processors.
Microsoft patched 34 CVEs in its December 2023 Patch Tuesday Release, including one previously disclosed zero-day (CVE-2023-20588), with Four rated as critical and 30 rated as important.
Microsoft December 2023 Patch Tuesday update
34 vulnerabilities this December Patch Tuesday including a single zero-day vulnerability and three critical remote code execution (RCE) vulnerabilities.
- AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice
- CVE-2023-36019: Microsoft Power Platform Connector Spoofing Vulnerability
- CVE-2023-35630: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
- CVE-2023-35641: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
- CVE-2023-35628: Windows MSHTML Platform Remote Code Execution Vulnerability
AMD processors received a patch for CVE-2023-20588, a division-by-zero error potentially revealing speculative data. The patch is rated Important with a CVSS score of 5.5, following mitigations released in August 2023.
Critical vulnerabilities impact Microsoft systems. CVE-2023-35628, an 8.1 CVSS-rated RCE, requires a crafted email triggering automatically in Outlook. CVE-2023-35630 and CVE-2023-35641, both CVSS 8.8, are RCE vulnerabilities in Microsoft Internet Connection Sharing, exploiting the same network segment.
CVE-2023-36019, a Critical spoofing vulnerability with a 9.6 CVSS score, affects the Microsoft Power Platform Connector. Exploitation relies on users clicking a crafted URL, with Microsoft addressing it by updating OAuth 2.0 connectors.
Windows security updates
In addition to Microsoft security updates, this December 2023 Patch Tuesday update also brought Windows 11 and Windows 10 cumulative updates. That includes KB5033372 for Windows 10 and KB5033375 for Windows 10 version 23H2. So if you are running any of these Windows versions make sure you update them as you install the new patches.
Windows 7 and Windows 8.1 reached the End of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023
Windows 11 KB5033375