- Microsoft's Copilot AI is coming to your Office apps - whether you like it or not
- How to track US election results on your iPhone, iPad or Apple Watch
- One of the most dependable robot vacuums I've tested isn't a Roborock or Roomba
- Sustainability: Real progress but also thorny challenges ahead
- The 45+ best Black Friday PlayStation 5 deals 2024: Early sales available now
Tripwire Patch Priority Index for December 2023
Tripwire’s December 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.
First on the patch priority are patches for Google Chrome and Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and information disclosure vulnerabilities. Please note that CVE-2023-7024 for Chrome is on the CISA Known Exploited Vulnerabilities (KEV) catalog, which means this vulnerability has been actively exploited.
Next on the patch priority list this month are patches for Microsoft Word and Outlook that resolve 2 information disclosure and 1 spoofing vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 20 vulnerabilities, including elevation of privilege, information disclosure, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, Media, Bluetooth Driver, ICS, MSHTML, Sysmain, and others.
Lastly, administrators should focus on server-side patches for DNS, DHCP, and Dynamics. These patches several numerous issues including spoofing, cross site scripting, denial of service, and information disclosure vulnerabilities.
BULLETIN |
CVE |
CVE-2023-7024 |
|
CVE-2023-6508, CVE-2023-6509, CVE-2023-6510, CVE-2023-6511, CVE-2023-6512, CVE-2023-35618, CVE-2023-36880, CVE-2023-38174 |
|
CVE-2023-36009 |
|
CVE-2023-35636, CVE-2023-35619 |
|
CVE-2023-21740, CVE-2023-35634, CVE-2023-36003, CVE-2023-35629, CVE-2023-36696, CVE-2023-35635, CVE-2023-35633, CVE-2023-36391, CVE-2023-36005, CVE-2023-36010, CVE-2023-35642, CVE-2023-35641, CVE-2023-35630, CVE-2023-35632, CVE-2023-35628, CVE-2023-35639, CVE-2023-36006, CVE-2023-35624, CVE-2023-36011, CVE-2023-35631, CVE-2023-36004, CVE-2023-20588, CVE-2023-36019, CVE-2023-35644 |
|
CVE-2023-35622 |
|
CVE-2023-35638, CVE-2023-36012, CVE-2023-35643 |
|
CVE-2023-36020, CVE-2023-35621 |