WARNING: MICROSOFT PATCH TUESDAY DECEMBER 2023 PATCHES 34 VULNERABILITIES (4 CRITICAL, 30 IMPORTANT), PATCH IMMEDIATELY!

Reference: Advisory #2023-148
Version: 1.0
Affected software: 
Azure Connected Machine Agent
Azure Machine Learning
Microsoft Bluetooth Driver
Microsoft Dynamics
Microsoft Office Outlook
Microsoft Office Word
Microsoft Power Platform Connector
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows DNS
Windows Cloud Files Mini Filter Driver
Windows Defender
Windows DHCP Server
Windows DPAPI (Data Protection Application Programming Interface)
Windows Internet Connection Sharing (ICS)
Windows Kernel
Windows Kernel-Mode Drivers
Windows Local Security Authority Subsystem Service (LSASS)
Windows Media
Windows MSHTML Platform
Windows ODBC Driver
Windows Telephony Server
Windows USB Mass Storage Class Driver
Windows Win32K
XAML Diagnostics
Type: Several types, ranging from information disclosure to remote code execution and privilege escalation.
CVE/CVSS: 

Microsoft patched 34 vulnerabilities in its December 2023 Patch Tuesday release, 4 rated as critical, 30 rated important.

  • 8 Remote Code Execution Vulnerabilities
  • 10 Elevation of Privilege Vulnerabilities
  • 5 Spoofing Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities

Sources

https://msrc.microsoft.com/update-guide/releaseNote/2023-Dec

Risks

Microsoft's December Patch Tuesday includes four critical and thirty important vulnerabilities for a wide range of Microsoft products, affecting Microsoft Server and Workstations.

Microsoft’s Patch Tuesday included a security update addressing the CVE-2023-20588 zero-day vulnerability affecting certain AMD processors.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called "Patch Tuesday" and hold security fixes for Microsoft devices and software. This month's release covers thirty-four Microsoft vulnerabilities. Four vulnerabilities are marked as critical and thirty as important.

CVE-2023-35628 is a critical remote code execution vulnerability in the Windows MSHTML platform, with a CVSSv3.1 score of 8.1. A remote attacker can exploit CVE-2023-35628 by sending a weaponized email; Microsoft Outlook will process this email automatically, so exploitation does not require user interaction.

CVE-2023-36019 is a critical spoofing vulnerability in the Microsoft Power Platform Connector, with a CVSSv3.1 score of 9.6. A remote attacker can exploit CVE-2023-36019 to direct a victim to a malicious link or application. While the vulnerability resides in the web server, the victim’s browser will execute malicious scripts.

CVE-2023-20588, a non-Microsoft CVE included in the December 2023 Patch Tuesday release, involves a division-by-zero error on select AMD processors. CVE-2023-20588 received a medium CVSSv3.1 score of 5.5, with AMD assessing its potential impact as low, given that local access is required for exploitation. Successful exploitation of CVE-2023-20588 could potentially reveal speculative data, leading to a loss of confidentiality.

Recommended Actions

Patch

The Centre for Cyber Security Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-20588