
2023-097: Critical Vulnerabilities in Microsoft Products



Microsoft December 2023 Patch Tuesday Security Updates


History

On December 12, 2023, Microsoft released the December 2023 Patch Tuesday which includes security updates for a total of 35 flaws. Among the vulnerabilities, four were rated as critical.

Source: Bleeping Computer

Summary

It is recommended to update affected products as soon as possible.

Technical Details

The vulnerabilities CVE-2023-35630 and CVE-2023-35641, both with a CVSS score of 8.8, affect the Windows Internet Connection Sharing (ICS) service. By sending maliciously crafted DHCP messages, an attacker could achieve remote code execution.

The vulnerability CVE-2023-36019, with a CVSS score of 9.6, affects Microsoft Power Platform Connector. An attacker could manipulate a malicious link, application, or file to disguise it as a legitimate one and trick the victim.

The vulnerability CVE-2023-35628, with a CVSS score of 8.1, affects the Windows MSHTML component. An attacker could exploit this vulnerability by sending a malicious link to the victim via email or convincing the user to click the link, resulting in remote code execution.
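For the two ICS service flaws above (CVE-2023-35630 and CVE-2023-35641), a defender can inventory where the service is present and startable to prioritise patching. The script below is an added example, not part of the advisory; it assumes the ICS service's short name is `SharedAccess`, and the `-Hosts` parameter is a hypothetical host list to be replaced with your own inventory.

```powershell
# Added example: report the state of the Internet Connection Sharing (ICS)
# service on a set of Windows hosts, to prioritise the December 2023 updates.
# Assumption: the ICS service short name is 'SharedAccess'.
param(
    # Hypothetical host list; defaults to the local machine only.
    [string[]]$Hosts = @($env:COMPUTERNAME)
)

$results = foreach ($h in $Hosts) {
    $query = @{
        ClassName   = 'Win32_Service'
        Filter      = "Name='SharedAccess'"
        ErrorAction = 'Stop'
    }
    # Query remote hosts over WinRM; query the local host directly.
    if ($h -ne $env:COMPUTERNAME) { $query.ComputerName = $h }

    try {
        $svc = Get-CimInstance @query
    } catch {
        # Unreachable hosts stay in the report so they are not silently skipped.
        [pscustomobject]@{ Host = $h; State = 'Unknown'; StartMode = 'Unknown'
                           Priority = 'unreachable: check manually' }
        continue
    }

    if (-not $svc) {
        [pscustomobject]@{ Host = $h; State = 'NotInstalled'; StartMode = 'n/a'
                           Priority = 'service absent' }
        continue
    }

    # A running service is the most exposed; a stopped but startable one
    # can still be started later, so it is flagged as well.
    $priority = if ($svc.State -eq 'Running') {
        'high: ICS running, patch first'
    } elseif ($svc.StartMode -ne 'Disabled') {
        'medium: ICS startable, patch or disable if unused'
    } else {
        'low: ICS disabled, patch in normal cycle'
    }

    [pscustomobject]@{ Host = $h; State = $svc.State; StartMode = $svc.StartMode
                       Priority = $priority }
}

$results | Sort-Object Priority | Format-Table -AutoSize
```

The priority labels are this example's own triage wording; the advisory's recommendation to update affected products applies to every host regardless of the service state.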

Affected Products

The vulnerabilities affect various Microsoft Windows products, including Windows Server, Windows Client, Azure, Microsoft Office, Microsoft Edge, and Microsoft 365.

For more information about specific versions, please refer to the Microsoft advisory.

Recommendations

It is recommended to update affected products as soon as possible.

References

  1. Bleeping Computer
  2. CVE-2023-35630
  3. CVE-2023-35641
  4. CVE-2023-36019
  5. CVE-2023-35628
  6. Microsoft advisory

MITRE ATT&CK Matrix Analysis from December 2023 Patch Tuesday Advisory

Enterprise Layer

| Tactic | Technique/Sub-Technique | Potential Attacker Groups | Mitigation Techniques |
| --- | --- | --- | --- |
| Initial Access | T1192 - Spearphishing Link; T1566.002 - Phishing: Spearphishing Link | APT groups, Cybercriminals | Update affected products, User training |
| Execution | T1203 - Exploitation for Client Execution | APT groups, Cybercriminals | Update affected products, Disable unnecessary services |
| Privilege Escalation | T1068 - Exploitation for Privilege Escalation | APT groups, Cybercriminals | Update affected products, Least privilege principle |
| Defense Evasion | T1027 - Obfuscated Files or Information | APT groups, Cybercriminals | Update affected products, Employ anti-malware solutions |

Mobile and ICS Layers

While the disclosed vulnerabilities do not specifically target Mobile or ICS environments, the techniques used by attackers exploiting these vulnerabilities could overlap with Mobile and ICS domains. In those domains, similar mitigation strategies would apply, such as keeping systems up to date and following security best practices.

Recommendations: Across all layers, the primary recommendation is to update all affected Microsoft products as detailed in the Microsoft advisory [6].


This post was generated entirely by an AI language model. Source: CERT EU
