7.7 C
Wednesday, December 13, 2023

33 Flaws Fastened, Together with 4 Vital

Dec 13, 2023NewsroomPatch Tuesday / Home windows Safety


Microsoft launched its ultimate set of Patch Tuesday updates for 2023, closing out 33 flaws in its software program, making it one of many lightest releases lately.

Of the 33 shortcomings, 4 are rated Vital and 29 are rated Necessary in severity. The fixes are along with 18 flaws Microsoft addressed in its Chromium-based Edge browser because the launch of Patch Tuesday updates for November 2023.

In response to information from the Zero Day Initiative, the software program large has patched greater than 900 flaws this 12 months, making it one of many busiest years for Microsoft patches. For comparability, Redmond resolved 917 CVEs in 2022.

Whereas not one of the vulnerabilities are listed as publicly identified or beneath energetic assault on the time of launch, a few of the notable ones are listed beneath –

  • CVE-2023-35628 (CVSS rating: 8.1) – Home windows MSHTML Platform Distant Code Execution Vulnerability
  • CVE-2023-35630 (CVSS rating: 8.8) – Web Connection Sharing (ICS) Distant Code Execution Vulnerability
  • CVE-2023-35636 (CVSS rating: 6.5) – Microsoft Outlook Info Disclosure Vulnerability
  • CVE-2023-35639 (CVSS rating: 8.8) – Microsoft ODBC Driver Distant Code Execution Vulnerability
  • CVE-2023-35641 (CVSS rating: 8.8) – Web Connection Sharing (ICS) Distant Code Execution Vulnerability
  • CVE-2023-35642 (CVSS rating: 6.5) – Web Connection Sharing (ICS) Denial-of-Service Vulnerability
  • CVE-2023-36019 (CVSS rating: 9.6) – Microsoft Energy Platform Connector Spoofing Vulnerability

CVE-2023-36019 can also be vital as a result of it permits the attacker to ship a specifically crafted URL to the goal, ensuing within the execution of malicious scripts within the sufferer’s browser on their machine.


Beat AI-Powered Threats with Zero Belief – Webinar for Safety Professionals

Conventional safety measures will not reduce it in at this time’s world. It is time for Zero Belief Safety. Safe your information like by no means earlier than.

Be a part of Now

“An attacker might manipulate a malicious hyperlink, utility, or file to disguise it as a reliable hyperlink or file to trick the sufferer,” Microsoft stated in an advisory.

Microsoft’s Patch Tuesday replace additionally plugs three flaws within the Dynamic Host Configuration Protocol (DHCP) server service that might result in a denial-of-service or data disclosure –

  • CVE-2023-35638 (CVSS rating: 7.5) – DHCP Server Service Denial-of-Service Vulnerability
  • CVE-2023-35643 (CVSS rating: 7.5) – DHCP Server Service Info Disclosure Vulnerability
  • CVE-2023-36012 (CVSS rating: 5.3) – DHCP Server Service Info Disclosure Vulnerability

The disclosure additionally comes as Akamai found a brand new set of assaults towards Lively Listing domains that use Microsoft Dynamic Host Configuration Protocol (DHCP) servers.

“These assaults might enable attackers to spoof delicate DNS information, leading to various penalties from credential theft to full Lively Listing area compromise,” Ori David stated in a report final week. “The assaults do not require any credentials, and work with the default configuration of Microsoft DHCP server.”

The online infrastructure and safety firm additional famous the impression of the issues might be vital as they are often exploited to spoof DNS information on Microsoft DNS servers, together with an unauthenticated arbitrary DNS report overwrite, thereby enabling an actor to realize a machine-in-the-middle place on hosts within the area and entry delicate information.

Microsoft, in response to the findings, stated the “issues are both by design, or not extreme sufficient to obtain a repair,” necessitating that customers Disable DHCP DNS Dynamic Updates if not required and chorus from utilizing DNSUpdateProxy.


Software program Patches from Different Distributors

Aside from Microsoft, safety updates have additionally been launched by different distributors over the previous few weeks to rectify a number of vulnerabilities, together with —

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we put up.

Latest news
Related news


Please enter your comment!
Please enter your name here