Microsoft Patch Tuesday December 2023

Published: 2023-12-12. Last Updated: 2023-12-12 18:25:35 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Microsoft had a rather light patch Tuesday for us today. Today's set includes  4 critical, 30 important, and one moderate vulnerability. In addition, Microsoft included five Chromium patches that are part of Edge. Only one vulnerability was made public before today. No exploited vulnerabilities are patched today.

This will hopefully make for a not-too-stressful holiday patch month.

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice
CVE-2023-20588 Yes No - - Important    
Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2023-35624 No No - - Important 7.3 6.4
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
CVE-2023-35625 No No - - Important 4.7 4.1
Chromium: CVE-2023-6508 Use after free in Media Stream
CVE-2023-6508 No No - - -    
Chromium: CVE-2023-6509 Use after free in Side Panel Search
CVE-2023-6509 No No - - -    
Chromium: CVE-2023-6510 Use after free in Media Capture
CVE-2023-6510 No No - - -    
Chromium: CVE-2023-6511 Inappropriate implementation in Autofill
CVE-2023-6511 No No - - -    
Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI
CVE-2023-6512 No No - - -    
DHCP Server Service Denial of Service Vulnerability
CVE-2023-35638 No No - - Important 7.5 6.5
DHCP Server Service Information Disclosure Vulnerability
CVE-2023-36012 No No - - Important 5.3 4.6
CVE-2023-35643 No No - - Important 7.5 6.5
Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVE-2023-35642 No No - - Important 6.5 5.7
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
CVE-2023-35641 No No - - Critical 8.8 7.7
CVE-2023-35630 No No - - Critical 8.8 7.7
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2023-36391 No No - - Important 7.8 6.8
Microsoft Defender Denial of Service Vulnerability
CVE-2023-36010 No No - - Important 7.5 6.5
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-36020 No No - - Important 7.6 6.6
Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability
CVE-2023-35621 No No - - Important 7.5 6.5
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2023-35618 No No Less Likely Less Likely Moderate 9.6 8.3
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2023-38174 No No Less Likely Less Likely Low 4.3 3.8
CVE-2023-36880 No No Less Likely Less Likely Low 4.8 4.2
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2023-35639 No No - - Important 8.8 7.7
Microsoft Outlook Information Disclosure Vulnerability
CVE-2023-35636 No No - - Important 6.5 5.7
Microsoft Outlook for Mac Spoofing Vulnerability
CVE-2023-35619 No No - - Important 5.3 4.6
Microsoft Power Platform Connector Spoofing Vulnerability
CVE-2023-36019 No No - - Critical 9.6 8.3
Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability
CVE-2023-35629 No No - - Important 6.8 5.9
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36006 No No - - Important 8.8 7.7
Microsoft Word Information Disclosure Vulnerability
CVE-2023-36009 No No - - Important 5.5 4.8
Win32k Elevation of Privilege Vulnerability
CVE-2023-36011 No No - - Important 7.8 6.8
CVE-2023-35631 No No - - Important 7.8 6.8
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2023-35632 No No - - Important 7.8 6.8
Windows Bluetooth Driver Remote Code Execution Vulnerability
CVE-2023-35634 No No - - Important 8.0 7.0
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36696 No No - - Important 7.8 6.8
Windows DNS Spoofing Vulnerability
CVE-2023-35622 No No - - Important 7.5 6.5
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
CVE-2023-36004 No No - - Important 7.5 6.5
Windows Kernel Denial of Service Vulnerability
CVE-2023-35635 No No - - Important 5.5 4.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35633 No No - - Important 7.8 6.8
Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2023-35628 No No - - Critical 8.1 7.1
Windows Media Remote Code Execution Vulnerability
CVE-2023-21740 No No - - Important 7.8 6.8
Windows Sysmain Service Elevation of Privilege
CVE-2023-35644 No No - - Important 7.8 6.8
Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2023-36005 No No - - Important 7.5 6.5
XAML Diagnostics Elevation of Privilege Vulnerability
CVE-2023-36003 No No - - Important 6.7 5.8

 

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

0 comment(s)
ISC Stormcast For Tuesday, December 12th, 2023 https://isc.sans.edu/podcastdetail/8774

Comments


Diary Archives