Microsoft's December 12, 2023 Patch Tuesday came with 33 security updates, and only four of them are considered critical.
This month, Microsoft is not patching any 0day vulnerabilities, and it's the second time in 2023 that a 0day hasn't been patched (June was the other month).
Of the 33 vulnerabilities patched this month, 11 are rated Exploitation More Likely according to Microsoft. Nearly three-quarters of these vulnerabilities involve elevation of privilege, while the others involve remote code execution (RCE) flaws.
Among the flaws most likely to be exploited is CVE-2023-35628, an RCE flaw in the Windows MSHTML platform.
CVE-2023-35636 is a flaw in Microsoft Outlook that could allow an attacker to "catch" NTLM hashes.
CVE-2023-36019, is a Microsoft Power Platform (and Azure Logic Apps) spoofing flaw that acts more like a code execution bug than a spoofing bug.
Microsoft also fixed CVE-2023-20588, a flaw in some AMD processor models, and CVE-2023-36696, an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter driver.
Comment: How do I restore texts that were deleted by Virus: