VERT Threat Alert: December 2023 Patch Tuesday Analysis


Today’s VERT Alert addresses Microsoft’s December 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1086 on Wednesday, December 13th.

In-The-Wild & Disclosed CVEs

CVE-2023-20588

AMD has released AMD-SB-7007 – Speculative Leaks Security Notice, which describes how some AMD processors can potentially return speculative data after a division-by-zero. The original AMD bulletin was issued on August 8, 2023. Microsoft has reported this vulnerability as Exploitation Less Likely.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted.

Tag

CVE Count

CVEs

Microsoft Office Word

1

CVE-2023-36009

Windows Media

1

CVE-2023-21740

Azure Machine Learning

1

CVE-2023-35625

Microsoft Dynamics

2

CVE-2023-36020, CVE-2023-35621

Microsoft Bluetooth Driver

1

CVE-2023-35634

XAML Diagnostics

1

CVE-2023-36003

Windows USB Mass Storage Class Driver

1

CVE-2023-35629

Windows Cloud Files Mini Filter Driver

1

CVE-2023-36696

Windows Kernel

2

CVE-2023-35633, CVE-2023-35635

Windows Local Security Authority Subsystem Service (LSASS)

1

CVE-2023-36391

Windows Telephony Server

1

CVE-2023-36005

Windows Defender

1

CVE-2023-36010

Windows Internet Connection Sharing (ICS)

4

CVE-2023-35641, CVE-2023-35642, CVE-2023-35630, CVE-2023-35632

Windows MSHTML Platform

1

CVE-2023-35628

Windows ODBC Driver

1

CVE-2023-35639

Microsoft WDAC OLE DB provider for SQL

1

CVE-2023-36006

Azure Connected Machine Agent

1

CVE-2023-35624

Windows Win32K

2

CVE-2023-36011, CVE-2023-35631

Windows DPAPI (Data Protection Application Programming Interface)

1

CVE-2023-36004

Microsoft Office Outlook

2

CVE-2023-35636, CVE-2023-35619

Chipsets

1

CVE-2023-20588

Microsoft Power Platform Connector

1

CVE-2023-36019

Windows Kernel-Mode Drivers

1

CVE-2023-35644

Microsoft Windows DNS

1

CVE-2023-35622

Windows DHCP Server

3

CVE-2023-36012, CVE-2023-35638, CVE-2023-35643

Microsoft Edge (Chromium-based)

8

CVE-2023-6508, CVE-2023-6509, CVE-2023-6510, CVE-2023-6511, CVE-2023-6512, CVE-2023-35618, CVE-2023-38174, CVE-2023-36880

Other Information

At the time of publication, there were no new advisories included with the December Security Guidance.

 

 



Source link