[CVSS 9+] Microsoft Dec 23 Patch Tuesday Highlights

Executive Summary

In the December 2023 Patch Tuesday, Microsoft released fixes for a total of 43 vulnerabilities. This includes 37 Microsoft CVEs and 6 non-Microsoft CVEs. There are 5 non-Microsoft issues related to Chromium and 1 issue related to AMD Chipset flaws.

Notably, there are no known zero-day threats targeting any of the vulnerabilities addressed in this batch of patches.

For more details, you can refer to the Microsoft December 2023 Security Updates.

We recommend that organisations prioritise the installation of these patches by adopting a risk-based approach. Please see below for brief information about the vulnerabilities with a CVSS score of 8 or higher that have been fixed in this release.

As a side note, you can explore the key highlights for Microsoft Patch Tuesday in November 2023 here.

Microsoft Edge

CVE-2023-35618:

  • Name: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
  • CVSS Score: 9.6

Please also note the below highlight from Microsoft:

Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security patch.

Source: Microsoft Edge release notes.

Microsoft Power Platform

CVE-2023-36019:

  • Name: Microsoft Power Platform Connector Spoofing Vulnerability
  • CVSS Score: 9.6

Windows

CVE-2023-35630:

  • Name: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
  • CVSS Score: 8.8

CVE-2023-35639:

  • Name: Microsoft ODBC Driver Remote Code Execution Vulnerability
  • CVSS Score: 8.8

CVE-2023-35641:

  • Name: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
  • CVSS Score: 8.8

CVE-2023-36006:

  • Name: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
  • CVSS Score: 8.8

CVE-2023-35628:

  • Name: Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVSS Score: 8.1

CVE-2023-35634:

  • Name: Windows Bluetooth Driver Remote Code Execution Vulnerability
  • CVSS Score: 8.0

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.