Microsoft Patch Tuesday for December: Fixed 34 bugs and one 0day in AMD

Brother

This month, Microsoft increased user security by eliminating dangerous and critical vulnerabilities in its systems.

Microsoft's December 2023 Update Tuesday includes security updates for 34 flaws and one zero-day vulnerability in AMD processors.

Although 8 Remote Code Execution (RCE) vulnerabilities were patched, Microsoft rated only 3 as "critical". A total of 4 critical vulnerabilities were discovered: one in the Power Platform (Spoofing), two in Internet Connection Sharing (RCE), and one in the Windows MSHTML platform (RCE).

The number of bugs in each vulnerability category is shown below:
  • 10 privilege escalation vulnerabilities;
  • 8 remote code execution vulnerabilities;
  • 6 information disclosure vulnerabilities;
  • 5 Denial of Service (DoS) vulnerabilities;
  • 5 spoofing vulnerabilities.

For more information about the non-security updates released on Patch Tuesday, see the pages for the Windows 11 cumulative update KB5033375 and the Windows 10 cumulative update KB5033372.

Publicly disclosed zero-day vulnerability

In December's Patch Tuesday, Microsoft patched one zero-day vulnerability in affected AMD processors. It was discovered in August and had remained unpatched until now.

CVE-2023-20588 (CVSS: 5.5) is a divide-by-zero vulnerability in certain AMD processors that exposes sensitive data. The bug was discovered in August 2023, and AMD did not provide any fixes other than mitigation recommendations.

Developers can mitigate the problem by making sure that no privileged data is used in division operations before changing privilege boundaries. AMD believes that the potential impact of the vulnerability is small, as it requires local access.

A page prepared by BleepingComputer provides a complete list of the vulnerabilities fixed in the December 2023 Patch Tuesday updates.