Home Latest Cyber Security News | Network Security Hacking Microsoft Patch Tuesday December Addressed 33 Vulnerabilities
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Microsoft Patch Tuesday December Addressed 33 Vulnerabilities

by Abeerah Hashim
written by Abeerah Hashim
Microsoft Patch Tuesday March 2024 arrived with 60 bug fixes

This week marked the release of the last patch Tuesday updates for Microsoft users for 2023. The December Patch Tuesday arrived as a modest update bundle from Microsoft, carrying 33 vulnerability fixes only.

Four Critical Vulnerabilities Patched This Month

While the December Patch Tuesday carried fewer bug fixes, it did address some critical vulnerabilities in different Microsoft products.

Specifically, Microsoft patched the following four critical severity issues.

  • CVE-2023-35641 (CVSS 8.8): It affected the Internet Connection Sharing (ICS) Windows service, allowing an adversary to target adjacent systems on the same network. Microsoft explained that exploiting the flaw required the adversary to be on the same network segment, limiting the scope of flaw to the same switch network or a virtual network. Then, sending maliciously crafted DHCP message to the target server running the ICS could allow remote code execution.
  • CVE-2023-35630 (CVSS 8.8): Another similar RCE flaw in the ICS, exploiting which required the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message.
  • CVE-2023-36019 (CVSS 9.6): A spoofing vulnerability with less likely exploitation but a severe impact in the Microsoft Power Platform Connector. An adversary could execute malicious scripts on the target system after tricking the victim user into clicking a maliciously crafted URL.
  • CVE-2023-35628 (CVSS 8.1): A remote code execution vulnerability in the Windows MSHTML Platform. Exploiting this flaw required the adversary to trick the victim user into clicking on a maliciously crafted link. Nonetheless, worst-case exploitation scenarios may not require user input, as merely receiving the malicious email could trigger the exploit.

Other Microsoft Patch Tuesday December Bug Fixes

Besides the four critical vulnerabilities, Microsoft addressed 29 other important severity vulnerabilities affecting different products. These include 5 denial of service vulnerabilities, 10 privilege escalation flaws, 5 information disclosure vulnerabilities, 5 remote code execution vulnerabilities, 3 spoofing vulnerabilities, and 1 cross-site scripting (XSS) flaw. In addition, this month’s update bundle also includes some third-party patches.

Microsoft has rolled out these updates publicly; yet users should still check their systems for any updates manually to ensure receiving the bug fixes on time.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...