Table of Contents
On December 12, 2023, Microsoft released the December 2023 Patch Tuesday which includes security updates for a total of 35 flaws. Among the vulnerabilities, four were rated as critical.
It is recommended updating affected products as soon as possible.
Microsoft December 2023 Patch Tuesday Security Updates
Microsoft December 2023 Patch Tuesday Security Updates
History
On December 12, 2023, Microsoft released the December 2023 Patch Tuesday which includes security updates for a total of 35 flaws. Among the vulnerabilities, four were rated as critical.
Source: Bleeping Computer
Summary
It is recommended updating affected products as soon as possible.
Technical Details
The vulnerabilities CVE-2023-35630 and CVE-2023-35641, both with a CVSS score of 8.8, affect the Windows Internet Connection Sharing (ICS) service. By sending maliciously crafted DHCP messages, an attacker could achieve remote code execution.
The vulnerability CVE-2023-36019, with a CVSS score of 9.6, affects Microsoft Power Platform Connector. An attacker could manipulate a malicious link, application, or file to disguise it as a legitimate one and trick the victim.
The vulnerability CVE-2023-35628, with a CVSS score of 8.1, affects the Windows MSHTML component. An attacker could exploit this vulnerability by sending a malicious link to the victim via email or convincing the user to click the link, resulting in remote code execution.
Affected Products
The vulnerabilities affect various Microsoft Windows products, including Windows Server, Windows Client, Azure, Microsoft Office, Microsoft Edge, and Microsoft 365.
For more information about specific versions, please refer to the Microsoft advisory.
Recommendations
It is recommended updating affected products as soon as possible.
References
```htmlMITRE ATT&CK Matrix Analysis
MITRE ATT&CK Matrix Analysis from December 2023 Patch Tuesday Advisory
Enterprise Layer
| Tactic | Technique/Sub-Technique | Potential Attacker Groups | Mitigation Techniques |
|---|---|---|---|
| Initial Access |
T1192 - Spearphishing Link T1566.002 - Phishing: Spearphishing Link |
APT groups, Cybercriminals | Update affected products, User training |
| Execution | T1203 - Exploitation for Client Execution | APT groups, Cybercriminals | Update affected products, Disable unnecessary services |
| Privilege Escalation | T1068 - Exploitation for Privilege Escalation | APT groups, Cybercriminals | Update affected products, Least privilege principle |
| Defense Evasion | T1027 - Obfuscated Files or Information | APT groups, Cybercriminals | Update affected products, Employ anti-malware solutions |
Mobile and ICS Layers
While the disclosed vulnerabilities do not specifically target Mobile or ICS environments, the techniques used by attackers exploiting these vulnerabilities could overlap with Mobile and ICS domains. In those domains, similar mitigation strategies would apply, such as keeping systems up to date and following security best practices.
Recommendations: Across all layers, the primary recommendation is to update all affected Microsoft products as detailed in the advisory Microsoft advisory [6].
References
- BleepingComputer [1]
- CVE-2023-35630 [2]
- CVE-2023-35641 [3]
- CVE-2023-36019 [4]
- CVE-2023-35628 [5]
- Microsoft advisory [6]
```
This post was generated entirely by an AI language model. Source: CERT EU
