Adrian Borlea

Microsoft released its final Patch Tuesday of 2023, with fixes for a relatively small number of security flaws in its Windows operating systems and other software. Four of the updates address “critical” vulnerabilities that can be exploited to gain complete control over a vulnerable Windows device with almost no help from users.

Let’s take a closer look at the most interesting updates for this month.

Notable Critical Microsoft Vulnerabilities

⭕ Critical | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

CVE-2023-35630 affects Internet Connection Sharing (ICS), a Windows service that enables one Internet-connected computer to share its Internet connection with other computers on a local area network. To exploit this vulnerability, an attacker must be on the same network segment as the target computer and must modify an option-length field within a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message.
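An added example (not from the original article or from Microsoft): a structural check that walks the options of a DHCPv6 Information-Request (msg-type 11 in RFC 8415) and reports any option-len field that claims more data than the packet carries. The function names are hypothetical and the sample packets are constructed; the article does not say which option or length value is involved, so this verifies length consistency only.

```python
import struct

INFORMATION_REQUEST = 11  # DHCPv6 msg-type value (RFC 8415)
HEADER_LEN = 4            # msg-type (1 byte) + transaction-id (3 bytes)
OPT_HDR_LEN = 4           # option-code (2 bytes) + option-len (2 bytes)

# Constructed samples: Elapsed Time (8) followed by Option Request (6).
GOOD = bytes.fromhex("0b112233" "00080002" "0000" "00060004" "00170018")
# Same packet, but the second option-len says 0x0100 while 4 bytes follow.
BAD = bytes.fromhex("0b112233" "00080002" "0000" "00060100" "00170018")


def check_dhcpv6_options(payload: bytes):
    """Walk the options of a DHCPv6 client/server message.

    Returns (options, findings): options lists (code, declared_len) for each
    well-formed option; findings describes every length inconsistency.
    """
    options, findings = [], []
    if len(payload) < HEADER_LEN:
        return options, ["truncated header"]
    offset = HEADER_LEN
    while offset < len(payload):
        remaining = len(payload) - offset
        if remaining < OPT_HDR_LEN:
            findings.append(f"offset {offset}: {remaining} trailing byte(s), "
                            "too short for an option header")
            break
        code, declared = struct.unpack_from("!HH", payload, offset)
        available = remaining - OPT_HDR_LEN
        if declared > available:
            # Never trust option-len beyond what was actually received.
            findings.append(f"offset {offset}: option {code} declares "
                            f"{declared} bytes, only {available} present")
            break
        options.append((code, declared))
        offset += OPT_HDR_LEN + declared
    return options, findings


def is_suspicious_information_request(payload: bytes) -> bool:
    """True for an Information-Request whose option lengths do not add up."""
    if not payload or payload[0] != INFORMATION_REQUEST:
        return False
    return bool(check_dhcpv6_options(payload)[1])
```

A length that fits inside the packet but is wrong for its option type passes this check; per-option validation would be needed to catch that.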

⭕ Critical | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

CVE-2023-35641 affects the same ICS service, with the same restriction that attacks cannot be carried across multiple networks. An attacker may exploit this vulnerability by sending a specially crafted DHCP message to a server that runs the ICS service.

⭕ Critical | Windows MSHTML Platform Remote Code Execution Vulnerability

CVE-2023-35628 affects Windows MSHTML, a software component used to render web pages. An attacker can exploit this vulnerability by sending a specially crafted email that triggers when it is retrieved and processed by the Outlook client. Exploitation can therefore happen even before the email is viewed in the preview pane. The attack complexity is high because successful exploitation relies on complex memory-shaping techniques.

December's Patch Tuesday Addressing Zero-day Flaws

AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice

CVE-2023-20588 has been included by Microsoft in the Security Update Guide because the latest builds of Windows enable the mitigation and can provide protection against this vulnerability. The vulnerability was discovered in August 2023 and AMD offered mitigations for it. According to the AMD Security Bulletin: “This is a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality.”

AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice | CVE-2023-20588
Windows Bluetooth Driver Remote Code Execution Vulnerability | CVE-2023-35634
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVE-2023-36006
Windows DNS Spoofing Vulnerability | CVE-2023-35622
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2023-36696
DHCP Server Service Information Disclosure Vulnerability | CVE-2023-35643
DHCP Server Service Denial of Service Vulnerability | CVE-2023-35638
DHCP Server Service Information Disclosure Vulnerability | CVE-2023-36012
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | CVE-2023-36004
Internet Connection Sharing (ICS) Denial of Service Vulnerability | CVE-2023-35642
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | CVE-2023-35630
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | CVE-2023-35632
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | CVE-2023-35641
Windows Kernel Elevation of Privilege Vulnerability | CVE-2023-35633
Windows Kernel Denial of Service Vulnerability | CVE-2023-35635
Windows Sysmain Service Elevation of Privilege | CVE-2023-35644
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | CVE-2023-36391
Windows Media Remote Code Execution Vulnerability | CVE-2023-21740
Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2023-35628
Microsoft ODBC Driver Remote Code Execution Vulnerability | CVE-2023-35639
Windows Telephony Server Elevation of Privilege Vulnerability | CVE-2023-36005
Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | CVE-2023-35629
Win32k Elevation of Privilege Vulnerability | CVE-2023-36011
Win32k Elevation of Privilege Vulnerability | CVE-2023-35631
XAML Diagnostics Elevation of Privilege Vulnerability | CVE-2023-36003

At Runecast we ensure that all OS vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system runs safely and securely. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.

Runecast is an AI-powered platform that gives you complete visibility and proactive control over potential vulnerabilities in your environment. It provides alignment with best practices, risk-based vulnerability management, regulatory compliance audits and more to ensure that every aspect of your environment is protected. 

Additionally, Runecast provides explicit instructions and generates custom remediation scripts, to help IT teams maintain continuous compliance within the environment (not only a state of compliance on the day of an external audit). The Runecast platform can be deployed to AWS, Azure, Kubernetes, and VMware environments and can operate entirely on-premises or via our new SaaS offering.
