Microsoft Patch Tuesday December 2023
Microsoft had a rather light patch Tuesday for us today. Today's set includes 4 critical, 30 important, and one moderate vulnerability. In addition, Microsoft included five Chromium patches that are part of Edge. Only one vulnerability was made public before today. No exploited vulnerabilities are patched today.
This will hopefully make for a not-too-stressful holiday patch month.
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice | |||||||
CVE-2023-20588 | Yes | No | - | - | Important | ||
Azure Connected Machine Agent Elevation of Privilege Vulnerability | |||||||
CVE-2023-35624 | No | No | - | - | Important | 7.3 | 6.4 |
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | |||||||
CVE-2023-35625 | No | No | - | - | Important | 4.7 | 4.1 |
Chromium: CVE-2023-6508 Use after free in Media Stream | |||||||
CVE-2023-6508 | No | No | - | - | - | ||
Chromium: CVE-2023-6509 Use after free in Side Panel Search | |||||||
CVE-2023-6509 | No | No | - | - | - | ||
Chromium: CVE-2023-6510 Use after free in Media Capture | |||||||
CVE-2023-6510 | No | No | - | - | - | ||
Chromium: CVE-2023-6511 Inappropriate implementation in Autofill | |||||||
CVE-2023-6511 | No | No | - | - | - | ||
Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI | |||||||
CVE-2023-6512 | No | No | - | - | - | ||
DHCP Server Service Denial of Service Vulnerability | |||||||
CVE-2023-35638 | No | No | - | - | Important | 7.5 | 6.5 |
DHCP Server Service Information Disclosure Vulnerability | |||||||
CVE-2023-36012 | No | No | - | - | Important | 5.3 | 4.6 |
CVE-2023-35643 | No | No | - | - | Important | 7.5 | 6.5 |
Internet Connection Sharing (ICS) Denial of Service Vulnerability | |||||||
CVE-2023-35642 | No | No | - | - | Important | 6.5 | 5.7 |
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | |||||||
CVE-2023-35641 | No | No | - | - | Critical | 8.8 | 7.7 |
CVE-2023-35630 | No | No | - | - | Critical | 8.8 | 7.7 |
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | |||||||
CVE-2023-36391 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft Defender Denial of Service Vulnerability | |||||||
CVE-2023-36010 | No | No | - | - | Important | 7.5 | 6.5 |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||||
CVE-2023-36020 | No | No | - | - | Important | 7.6 | 6.6 |
Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | |||||||
CVE-2023-35621 | No | No | - | - | Important | 7.5 | 6.5 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||||
CVE-2023-35618 | No | No | Less Likely | Less Likely | Moderate | 9.6 | 8.3 |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||||
CVE-2023-38174 | No | No | Less Likely | Less Likely | Low | 4.3 | 3.8 |
CVE-2023-36880 | No | No | Less Likely | Less Likely | Low | 4.8 | 4.2 |
Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||||
CVE-2023-35639 | No | No | - | - | Important | 8.8 | 7.7 |
Microsoft Outlook Information Disclosure Vulnerability | |||||||
CVE-2023-35636 | No | No | - | - | Important | 6.5 | 5.7 |
Microsoft Outlook for Mac Spoofing Vulnerability | |||||||
CVE-2023-35619 | No | No | - | - | Important | 5.3 | 4.6 |
Microsoft Power Platform Connector Spoofing Vulnerability | |||||||
CVE-2023-36019 | No | No | - | - | Critical | 9.6 | 8.3 |
Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | |||||||
CVE-2023-35629 | No | No | - | - | Important | 6.8 | 5.9 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||||
CVE-2023-36006 | No | No | - | - | Important | 8.8 | 7.7 |
Microsoft Word Information Disclosure Vulnerability | |||||||
CVE-2023-36009 | No | No | - | - | Important | 5.5 | 4.8 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2023-36011 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-35631 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||||
CVE-2023-35632 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Bluetooth Driver Remote Code Execution Vulnerability | |||||||
CVE-2023-35634 | No | No | - | - | Important | 8.0 | 7.0 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||||
CVE-2023-36696 | No | No | - | - | Important | 7.8 | 6.8 |
Windows DNS Spoofing Vulnerability | |||||||
CVE-2023-35622 | No | No | - | - | Important | 7.5 | 6.5 |
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | |||||||
CVE-2023-36004 | No | No | - | - | Important | 7.5 | 6.5 |
Windows Kernel Denial of Service Vulnerability | |||||||
CVE-2023-35635 | No | No | - | - | Important | 5.5 | 4.8 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2023-35633 | No | No | - | - | Important | 7.8 | 6.8 |
Windows MSHTML Platform Remote Code Execution Vulnerability | |||||||
CVE-2023-35628 | No | No | - | - | Critical | 8.1 | 7.1 |
Windows Media Remote Code Execution Vulnerability | |||||||
CVE-2023-21740 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Sysmain Service Elevation of Privilege | |||||||
CVE-2023-35644 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Telephony Server Elevation of Privilege Vulnerability | |||||||
CVE-2023-36005 | No | No | - | - | Important | 7.5 | 6.5 |
XAML Diagnostics Elevation of Privilege Vulnerability | |||||||
CVE-2023-36003 | No | No | - | - | Important | 6.7 | 5.8 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
Keywords: microsoft patch tuesday
0 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
×
Diary Archives
Comments