December 2023 Patch Tuesday: 33 fixes none 0day

Microsoft's December 12, 2023 Patch Tuesday came with 33 security updates, and only four of them are considered critical.

This month, Microsoft is not patching any 0day vulnerabilities, and it's the second time in 2023 that a 0day hasn't been patched (June was the other month).patch tuesday

Of the 33 vulnerabilities patched this month, 11 are rated Exploitation More Likely according to Microsoft. Nearly three-quarters of these vulnerabilities involve elevation of privilege, while the others involve remote code execution (RCE) flaws.

Among the flaws most likely to be exploited is CVE-2023-35628, an RCE flaw in the Windows MSHTML platform.

CVE-2023-35636 is a flaw in Microsoft Outlook that could allow an attacker to "catch" NTLM hashes.

CVE-2023-36019, is a Microsoft Power Platform (and Azure Logic Apps) spoofing flaw that acts more like a code execution bug than a spoofing bug.

Microsoft also fixed CVE-2023-20588, a flaw in some AMD processor models, and CVE-2023-36696, an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter driver.

iGuRu.gr The Best Technology Site in Greecegns

Written by giorgos

George still wonders what he's doing here ...

One Comment

Leave a Reply

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).