SBN

Patch Tuesday Update – December 2023

Frontline.Cloud will include the Microsoft Patch Tuesday checks in the NIRV 4.32.0 and Frontline Agent 2.2 releases.

  • Microsoft addressed 33 vulnerabilities in this release, including 4 rated as Critical and 8 Remote Code Execution vulnerabilities.

CVE/Advisory Title Tag Microsoft Severity Rating Base Score Microsoft Impact Exploited Publicly Disclosed
CVE-2023-36696 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Important 7.8 Elevation of Privilege No No
CVE-2023-36391 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Windows Local Security Authority Subsystem Service (LSASS) Important 7.8 Elevation of Privilege No No
CVE-2023-36020 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics Important 7.6 Spoofing No No
CVE-2023-36009 Microsoft Word Information Disclosure Vulnerability Microsoft Office Word Important 5.5 Information Disclosure No No
CVE-2023-36011 Win32k Elevation of Privilege Vulnerability Windows Win32K Important 7.8 Elevation of Privilege No No
CVE-2023-35625 Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability Azure Machine Learning Important 4.7 Information Disclosure No No
CVE-2023-21740 Windows Media Remote Code Execution Vulnerability Windows Media Important 7.8 Remote Code Execution No No
CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability Microsoft Power Platform Connector Critical 9.6 Spoofing No No
CVE-2023-36010 Microsoft Defender Denial of Service Vulnerability Windows Defender Important 7.5 Denial of Service No No
CVE-2023-36012 DHCP Server Service Information Disclosure Vulnerability Windows DHCP Server Important 5.3 Information Disclosure No No
CVE-2023-36003 XAML Diagnostics Elevation of Privilege Vulnerability XAML Diagnostics Important 6.7 Elevation of Privilege No No
CVE-2023-36004 Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability Windows DPAPI (Data Protection Application Programming Interface) Important 7.5 Spoofing No No
CVE-2023-36005 Windows Telephony Server Elevation of Privilege Vulnerability Windows Telephony Server Important 7.5 Elevation of Privilege No No
CVE-2023-36006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Important 8.8 Remote Code Execution No No
CVE-2023-35638 DHCP Server Service Denial of Service Vulnerability Windows DHCP Server Important 7.5 Denial of Service No No
CVE-2023-35639 Microsoft ODBC Driver Remote Code Execution Vulnerability Windows ODBC Driver Important 8.8 Remote Code Execution No No
CVE-2023-35641 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Windows Internet Connection Sharing (ICS) Critical 8.8 Remote Code Execution No No
CVE-2023-35642 Internet Connection Sharing (ICS) Denial of Service Vulnerability Windows Internet Connection Sharing (ICS) Important 6.5 Denial of Service No No
CVE-2023-35643 DHCP Server Service Information Disclosure Vulnerability Windows DHCP Server Important 7.5 Information Disclosure No No
CVE-2023-35644 Windows Sysmain Service Elevation of Privilege Windows Kernel-Mode Drivers Important 7.8 Elevation of Privilege No No
CVE-2023-35628 Windows MSHTML Platform Remote Code Execution Vulnerability Windows MSHTML Platform Critical 8.1 Remote Code Execution No No
CVE-2023-35629 Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability Windows USB Mass Storage Class Driver Important 6.8 Remote Code Execution No No
CVE-2023-35630 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Windows Internet Connection Sharing (ICS) Critical 8.8 Remote Code Execution No No
CVE-2023-35631 Win32k Elevation of Privilege Vulnerability Windows Win32K Important 7.8 Elevation of Privilege No No
CVE-2023-35632 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Internet Connection Sharing (ICS) Important 7.8 Elevation of Privilege No No
CVE-2023-35633 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Important 7.8 Elevation of Privilege No No
CVE-2023-35634 Windows Bluetooth Driver Remote Code Execution Vulnerability Microsoft Bluetooth Driver Important 8 Remote Code Execution No No
CVE-2023-35635 Windows Kernel Denial of Service Vulnerability Windows Kernel Important 5.5 Denial of Service No No
CVE-2023-35636 Microsoft Outlook Information Disclosure Vulnerability Microsoft Office Outlook Important 6.5 Information Disclosure No No
CVE-2023-35619 Microsoft Outlook for Mac Spoofing Vulnerability Microsoft Office Outlook Important 5.3 Spoofing No No
CVE-2023-35621 Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability Microsoft Dynamics Important 7.5 Denial of Service No No
CVE-2023-35622 Windows DNS Spoofing Vulnerability Microsoft Windows DNS Important 7.5 Spoofing No No
CVE-2023-35624 Azure Connected Machine Agent Elevation of Privilege Vulnerability Azure Connected Machine Agent Important 7.3 Elevation of Privilege No No
               

Quickly Find and Fix Your Most At-Risk Weaknesses

Watch this demo to see how Frontline VM can help.

WATCH THE VIDEO

The post Patch Tuesday Update – December 2023 appeared first on Digital Defense.

*** This is a Security Bloggers Network syndicated blog from Digital Defense authored by Digital Defense by Fortra. Read the original post at: https://www.digitaldefense.com/vulnerability-research/patch-tuesday-update-december-2023/