Microsoft launched its ultimate set of Patch Tuesday updates for 2023, closing out 33 flaws in its software program, making it one of many lightest releases lately.
Of the 33 shortcomings, 4 are rated Vital and 29 are rated Necessary in severity. The fixes are along with 18 flaws Microsoft addressed in its Chromium-based Edge browser because the launch of Patch Tuesday updates for November 2023.
In response to information from the Zero Day Initiative, the software program large has patched greater than 900 flaws this 12 months, making it one of many busiest years for Microsoft patches. For comparability, Redmond resolved 917 CVEs in 2022.
Whereas not one of the vulnerabilities are listed as publicly identified or beneath energetic assault on the time of launch, a few of the notable ones are listed beneath –
- CVE-2023-35628 (CVSS rating: 8.1) – Home windows MSHTML Platform Distant Code Execution Vulnerability
- CVE-2023-35630 (CVSS rating: 8.8) – Web Connection Sharing (ICS) Distant Code Execution Vulnerability
- CVE-2023-35636 (CVSS rating: 6.5) – Microsoft Outlook Info Disclosure Vulnerability
- CVE-2023-35639 (CVSS rating: 8.8) – Microsoft ODBC Driver Distant Code Execution Vulnerability
- CVE-2023-35641 (CVSS rating: 8.8) – Web Connection Sharing (ICS) Distant Code Execution Vulnerability
- CVE-2023-35642 (CVSS rating: 6.5) – Web Connection Sharing (ICS) Denial-of-Service Vulnerability
- CVE-2023-36019 (CVSS rating: 9.6) – Microsoft Energy Platform Connector Spoofing Vulnerability
CVE-2023-36019 can also be vital as a result of it permits the attacker to ship a specifically crafted URL to the goal, ensuing within the execution of malicious scripts within the sufferer’s browser on their machine.
Beat AI-Powered Threats with Zero Belief – Webinar for Safety Professionals
Conventional safety measures will not reduce it in at this time’s world. It is time for Zero Belief Safety. Safe your information like by no means earlier than.
“An attacker might manipulate a malicious hyperlink, utility, or file to disguise it as a reliable hyperlink or file to trick the sufferer,” Microsoft stated in an advisory.
Microsoft’s Patch Tuesday replace additionally plugs three flaws within the Dynamic Host Configuration Protocol (DHCP) server service that might result in a denial-of-service or data disclosure –
- CVE-2023-35638 (CVSS rating: 7.5) – DHCP Server Service Denial-of-Service Vulnerability
- CVE-2023-35643 (CVSS rating: 7.5) – DHCP Server Service Info Disclosure Vulnerability
- CVE-2023-36012 (CVSS rating: 5.3) – DHCP Server Service Info Disclosure Vulnerability
The disclosure additionally comes as Akamai found a brand new set of assaults towards Lively Listing domains that use Microsoft Dynamic Host Configuration Protocol (DHCP) servers.
“These assaults might enable attackers to spoof delicate DNS information, leading to various penalties from credential theft to full Lively Listing area compromise,” Ori David stated in a report final week. “The assaults do not require any credentials, and work with the default configuration of Microsoft DHCP server.”
The online infrastructure and safety firm additional famous the impression of the issues might be vital as they are often exploited to spoof DNS information on Microsoft DNS servers, together with an unauthenticated arbitrary DNS report overwrite, thereby enabling an actor to realize a machine-in-the-middle place on hosts within the area and entry delicate information.
Microsoft, in response to the findings, stated the “issues are both by design, or not extreme sufficient to obtain a repair,” necessitating that customers Disable DHCP DNS Dynamic Updates if not required and chorus from utilizing DNSUpdateProxy.
Software program Patches from Different Distributors
Aside from Microsoft, safety updates have additionally been launched by different distributors over the previous few weeks to rectify a number of vulnerabilities, together with —
OnePlus Bullets Z2 Bluetooth Wireless in Ear Earphones with Mic, Bombastic Bass - 12.4 Mm Drivers, 10 Mins Charge - 20 Hrs Music, 30 Hrs Battery Life (Magico Black)
₹1,499.00 (as of December 12, 2023 17:32 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
realme narzo N53 (Feather Gold, 8GB+128GB) 33W Segment Fastest Charging | Slimmest Phone in Segment | 90 Hz Smooth Display
₹9,999.00 (as of December 12, 2023 17:32 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
realme narzo 60X 5G(Stellar Green,6GB,128GB Storage ) Up to 2TB External Memory | 50 MP AI Primary Camera | Segments only 33W Supervooc Charge
₹14,499.00 (as of December 12, 2023 17:32 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Redmi 13C (Stardust Black, 4GB RAM, 128GB Storage) | 90Hz Display | 50MP AI Triple Camera
₹8,999.00 (as of December 12, 2023 17:32 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
MI Power Bank 3i 20000mAh Lithium Polymer 18W Fast Power Delivery Charging | Input- Type C | Micro USB| Triple Output | Sandstone Black
₹1,999.00 (as of December 12, 2023 17:32 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Portronics Konnect L 1.2M POR-1401 Fast Charging 3A 8 Pin USB Cable with Charge & Sync Function (White)
₹129.00 (as of December 12, 2023 17:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
TP-Link AC750 Wifi Range Extender | Up to 750Mbps | Dual Band WiFi Extender, Repeater, Wifi Signal Booster, Access Point| Easy Set-Up | Extends Wifi to Smart Home & Alexa Devices (RE200)
₹1,799.00 (as of December 12, 2023 17:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
STRIFF Adjustable Laptop Tabletop Stand Patented Riser Ventilated Portable Foldable Compatible with MacBook Notebook Tablet Tray Desk Table Book with Free Phone Stand (Black)
₹299.00 (as of December 12, 2023 17:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Portronics My Buddy K Portable Laptop Stand with Adjustable Height, Foldable, OverHeating Protection for Laptops & MacBooks (Grey)
₹499.00 (as of December 12, 2023 17:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
LAPSTER Spiral Charger Spiral Charger Cable Protectors for Wires Data Cable Saver Charging Cord Protective Cable Cover Set of 3 (12 Pieces)
₹59.00 (as of December 12, 2023 17:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
AMD Ryzen™ 7 5700X 8-Core, 16-Thread Unlocked Desktop Processor
$169.00 (as of December 12, 2023 17:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
UnionSine 1TB Ultra Slim Portable External Hard Drive HDD-USB 3.0 for PC, Mac, Laptop, PS4, Xbox one,Xbox 360-Super Fast Transmission-HD-2510(Black)
$51.79 (as of December 12, 2023 17:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Corsair RM850x (2021) Fully Modular ATX Power Supply - 80 PLUS Gold - Low-Noise Fan - Zero RPM - Black
$149.99 (as of December 12, 2023 17:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
WD 5TB Elements Portable HDD, External Hard Drive, USB 3.0 for PC & Mac, Plug and Play Ready - WDBU6Y0050BBK-WESN
$119.99 (as of December 12, 2023 17:38 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)