Microsoft's patches this month include 4 Critical threats, one of which carries a CVSS score of 9.6.
Of the 33 fixes, 4 are rated Critical and the remaining 29 Important. Windows, Windows Components, Office Components, Azure, Windows DNS and DHCP Server, and Microsoft Dynamics have all received fixes this month.
Robert Brown, Head of Customer Success for Syxsense, said, “Not only have we seen the December Patch Tuesday as the smallest of the year; with only 33 fixes it is also the lowest for the past 5 years. If you count all the individual CVSS scores together, December has a combined CVSS score of 208.2, where the average CVSS score was 7.2, which is down on last month’s median score of 7.6.”
Based on the vendor severity and CVSS score, we have made a few recommendations below. As usual, we recommend that our customers enter the CVE numbers below into their patch management solution and deploy as soon as testing is complete.
CVE-2023-36019 – Microsoft Power Platform Connector Spoofing Vulnerability
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
Note: This vulnerability has the highest CVSS score of the month.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.6
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope / Jump Point: Changed / Yes
CVE-2023-35641 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
To exploit this vulnerability, an attacker would need to send a maliciously crafted DHCP message to a server that runs the Internet Connection Sharing service.
Note: Microsoft rates this Remote Code Execution vulnerability as Exploitation More Likely.
Syxscore
- Vendor Severity: Critical
- CVSS: 8.8
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Unchanged / None
CVE-2023-35639 – Microsoft ODBC Driver Remote Code Execution Vulnerability
An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.
Note: Microsoft rates this Remote Code Execution vulnerability as Exploitation More Likely.
Syxscore
- Vendor Severity: Critical
- CVSS: 8.8
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope / Jump Point: Unchanged / None
| Reference | Description | Severity | CVSS Score | Weaponised | Publicly Disclosed | Additional Comments | Impact | Exploitability |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability | Critical | 9.6 | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | | Remote Code Execution | Exploitation More Likely |
| CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-35639 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-36006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical | 8.1 | No | No | The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. | Remote Code Execution | Exploitation More Likely |
| CVE-2023-35634 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important | 8 | No | No | An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component. | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-35631 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-35632 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-35633 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-35644 | Windows Sysmain Service Elevation of Privilege | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-36011 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-36391 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-36696 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-21740 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-36020 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2023-36005 | Windows Telephony Server Elevation of Privilege Vulnerability | Important | 7.5 | No | No | An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\Network Service” account. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-36010 | Microsoft Defender Denial of Service Vulnerability | Important | 7.5 | No | No | | Denial of Service | Exploitation More Likely |
| CVE-2023-35621 | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | Important | 7.5 | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2023-35622 | Windows DNS Spoofing Vulnerability | Important | 7.5 | No | No | | Spoofing | Exploitation Less Likely |
| CVE-2023-35638 | DHCP Server Service Denial of Service Vulnerability | Important | 7.5 | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2023-35643 | DHCP Server Service Information Disclosure Vulnerability | Important | 7.5 | No | No | The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory. | Information Disclosure | Exploitation Less Likely |
| CVE-2023-36004 | Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | Important | 7.5 | No | No | | Spoofing | Exploitation Less Likely |
| CVE-2023-35624 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important | 7.3 | No | No | An attacker who successfully exploited the vulnerability could add symlinks and cause an arbitrary file to be deleted as SYSTEM. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-35629 | Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-36003 | XAML Diagnostics Elevation of Privilege Vulnerability | Important | 6.7 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-35636 | Microsoft Outlook Information Disclosure Vulnerability | Important | 6.5 | No | No | Exploiting this vulnerability could allow the disclosure of NTLM hashes. | Information Disclosure | Exploitation Less Likely |
| CVE-2023-35642 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important | 6.5 | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2023-35635 | Windows Kernel Denial of Service Vulnerability | Important | 5.5 | No | No | This vulnerability could be exploited if an authenticated user opens a specially crafted file locally or browses to that file on a network share when running an unpatched version of Windows. When the user browses or lists the maliciously crafted file, that action could cause a crash of the operating system. | Denial of Service | Exploitation Less Likely |
| CVE-2023-36009 | Microsoft Word Information Disclosure Vulnerability | Important | 5.5 | No | No | | Information Disclosure | Exploitation Less Likely |
| CVE-2023-35619 | Microsoft Outlook for Mac Spoofing Vulnerability | Important | 5.3 | No | No | | Spoofing | Exploitation Less Likely |
| CVE-2023-36012 | DHCP Server Service Information Disclosure Vulnerability | Important | 5.3 | No | No | The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. | Information Disclosure | Exploitation Less Likely |
| CVE-2023-35625 | Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | Important | 4.7 | No | No | | Information Disclosure | Exploitation Less Likely |
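To turn the table above into a deployment queue in the order this post recommends (vendor severity first, then CVSS score), here is an added Python example; it is not Syxsense code. It parses the post's pipe-delimited layout, including a row whose last two cells spilled onto a continuation line, and the sample rows are copied from the table above; the tie-breakers on weaponised/public-disclosure status and exploitability are this example's own assumption.

```python
import re
# Constructed sample in the post's pipe-delimited layout (rows copied from the
# table above); one row's last two cells spilled onto a continuation line.
SAMPLE = """\
Reference | Description | Severity | CVSS Score | Weaponised | Publicly Disclosed | Additional Comments | Impact | Exploitability |
CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability | Critical | 9.6 | No | No | Scope = Changed, Jump Point = True |
Spoofing | Exploitation Less Likely |
CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | | Remote Code Execution | Exploitation More Likely |
CVE-2023-35631 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
CVE-2023-35625 | Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | Important | 4.7 | No | No | | Information Disclosure | Exploitation Less Likely |
"""
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

def _cells(line):
    return [c.strip() for c in line.strip().strip("|").split("|")]

def parse_table(text):
    """One dict per CVE keyed by header name; a line not starting with a CVE id
    is the spilled tail of the previous row; rows are padded to header width."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header, rows, cur = _cells(lines[0]), [], None
    for ln in lines[1:]:
        parts = _cells(ln)
        if CVE_RE.match(parts[0]):
            if cur is not None:
                rows.append(cur)
            cur = parts
        elif cur is not None:
            cur += parts
    if cur is not None:
        rows.append(cur)
    return [dict(zip(header, (r + [""] * len(header))[:len(header)])) for r in rows]

def priority(row):
    """Sort key: vendor severity, then CVSS (the post's stated basis), with
    weaponised / publicly disclosed and exploitability as assumed tie-breakers."""
    sev = 0 if row["Severity"] == "Critical" else 1
    known = 0 if "Yes" in (row["Weaponised"], row["Publicly Disclosed"]) else 1
    likely = 0 if "More Likely" in row["Exploitability"] else 1
    return (sev, known, -float(row["CVSS Score"]), likely)

def deployment_order(text):
    """CVE ids in the order to queue them in a patch-management tool."""
    return [r["Reference"] for r in sorted(parse_table(text), key=priority)]

def cvss_summary(text):
    """Combined and average CVSS, the two figures quoted in the post."""
    scores = [float(r["CVSS Score"]) for r in parse_table(text)]
    return sum(scores), sum(scores) / len(scores)
```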