Microsoft's patches this month include 4 Critical threats, one of which carries a CVSS score of 9.6.

Of the 33 fixes, 4 are rated Critical and the remaining 29 Important. Windows, Windows Components, Office Components, Azure, Windows DNS and DHCP Server and Microsoft Dynamics have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense said, “Not only have we seen the December Patch Tuesday as the smallest of the year; with only 33 fixes it is the lowest for the past 5 years. If you count all the individual CVSS scores together, December has a combined CVSS score of 208.2 where the average CVSS score was 7.2 which is down on last month’s median score of 7.6.”

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend that customers enter the CVE numbers below into their Patch Management solution and deploy as soon as testing is complete.

CVE-2023-36019 – Microsoft Power Platform Connector Spoofing Vulnerability

The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.

Note: This vulnerability has the highest CVSS score of the month.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.6
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope / Jump Point: Changed / Yes

CVE-2023-35641 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

To exploit this vulnerability, an attacker would need to send a maliciously crafted DHCP message to a server that runs the Internet Connection Sharing service.

Note: Microsoft rates this Remote Code Execution vulnerability as Exploitation More Likely.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope / Jump Point: Unchanged / None

CVE-2023-35639 – Microsoft ODBC Driver Remote Code Execution Vulnerability

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

Note: Microsoft rates this Remote Code Execution vulnerability as Exploitation More Likely.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope / Jump Point: Unchanged / None

| Reference | Description | Severity | CVSS Score | Weaponised | Publicly Disclosed | Additional Comments | Impact | Exploitability |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability | Critical | 9.6 | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | | Remote Code Execution | Exploitation More Likely |
| CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-35639 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-36006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical | 8.1 | No | No | The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. | Remote Code Execution | Exploitation More Likely |
| CVE-2023-35634 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important | 8.0 | No | No | An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component. | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-35631 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-35632 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-35633 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-35644 | Windows Sysmain Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-36011 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-36391 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-36696 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-21740 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-36020 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | Spoofing | Exploitation Less Likely |
| CVE-2023-36005 | Windows Telephony Server Elevation of Privilege Vulnerability | Important | 7.5 | No | No | An attacker who successfully exploited this vulnerability could execute code in the security context of the “NT AUTHORITY\Network Service” account. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-36010 | Microsoft Defender Denial of Service Vulnerability | Important | 7.5 | No | No | | Denial of Service | Exploitation More Likely |
| CVE-2023-35621 | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | Important | 7.5 | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2023-35622 | Windows DNS Spoofing Vulnerability | Important | 7.5 | No | No | | Spoofing | Exploitation Less Likely |
| CVE-2023-35638 | DHCP Server Service Denial of Service Vulnerability | Important | 7.5 | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2023-35643 | DHCP Server Service Information Disclosure Vulnerability | Important | 7.5 | No | No | The type of information that could be disclosed if an attacker successfully exploited this vulnerability is remote heap memory. | Information Disclosure | Exploitation Less Likely |
| CVE-2023-36004 | Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | Important | 7.5 | No | No | | Spoofing | Exploitation Less Likely |
| CVE-2023-35624 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important | 7.3 | No | No | An attacker who successfully exploited the vulnerability could add symlinks and cause an arbitrary file to be deleted as SYSTEM. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-35629 | Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | Important | 6.8 | No | No | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-36003 | XAML Diagnostics Elevation of Privilege Vulnerability | Important | 6.7 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-35636 | Microsoft Outlook Information Disclosure Vulnerability | Important | 6.5 | No | No | Exploiting this vulnerability could allow the disclosure of NTLM hashes. | Information Disclosure | Exploitation Less Likely |
| CVE-2023-35642 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | Important | 6.5 | No | No | | Denial of Service | Exploitation Less Likely |
| CVE-2023-35635 | Windows Kernel Denial of Service Vulnerability | Important | 5.5 | No | No | This vulnerability could be exploited if an authenticated user opens a specially crafted file locally or browses to that file on a network share when running an unpatched version of Windows. When the user browses or lists the maliciously crafted file, that action could cause a crash of the operating system. | Denial of Service | Exploitation Less Likely |
| CVE-2023-36009 | Microsoft Word Information Disclosure Vulnerability | Important | 5.5 | No | No | | Information Disclosure | Exploitation Less Likely |
| CVE-2023-35619 | Microsoft Outlook for Mac Spoofing Vulnerability | Important | 5.3 | No | No | | Spoofing | Exploitation Less Likely |
| CVE-2023-36012 | DHCP Server Service Information Disclosure Vulnerability | Important | 5.3 | No | No | The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. | Information Disclosure | Exploitation Less Likely |
| CVE-2023-35625 | Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | Important | 4.7 | No | No | | Information Disclosure | Exploitation Less Likely |
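As an added example (not part of the original post and not Syxsense tooling), the following Python script turns rows from the table into a deployment order for a patch management queue, using the factors the post reports for each fix: weaponised, publicly disclosed, Microsoft's exploitability rating, vendor severity, then CVSS. The sample rows are copied from the table but reduced to those columns; the numeric severity weights and the order in which the factors are compared are assumptions.

```python
from dataclasses import dataclass

# Constructed sample: five rows copied from the table above, reduced to the columns the
# ranking uses: Reference | Description | Severity | CVSS | Weaponised | Publicly Disclosed | Exploitability
SAMPLE_ROWS = """\
CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability | Critical | 9.6 | No | No | Exploitation Less Likely
CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | Exploitation More Likely
CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Exploitation More Likely
CVE-2023-35631 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Exploitation More Likely
CVE-2023-36020 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | Exploitation Less Likely
"""

# Vendor severity ladder (Microsoft's four ratings; the numeric weights are an assumption).
SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}

@dataclass
class Fix:
    cve: str
    title: str
    severity: str
    cvss: float
    weaponised: bool
    public: bool
    more_likely: bool  # Microsoft exploitability index == "Exploitation More Likely"

def parse_rows(text: str) -> list[Fix]:
    """Parse pipe-delimited rows; reject malformed lines rather than silently skipping them."""
    fixes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 7 or not cols[0].startswith("CVE-"):
            raise ValueError(f"malformed row: {line!r}")
        cve, title, sev, cvss, weap, pub, expl = cols
        fixes.append(Fix(cve, title, sev, float(cvss), weap == "Yes", pub == "Yes",
                         expl == "Exploitation More Likely"))
    return fixes

def priority_key(f: Fix) -> tuple:
    # Assumed triage order (higher sorts first): anything already weaponised or publicly
    # disclosed, then "Exploitation More Likely", then vendor severity, then raw CVSS.
    return (f.weaponised, f.public, f.more_likely, SEVERITY_RANK.get(f.severity, 0), f.cvss)

def deploy_order(text: str) -> list[str]:
    """Return CVE ids in the order to push to the patch management solution (most urgent first)."""
    return [f.cve for f in sorted(parse_rows(text), key=priority_key, reverse=True)]
```

With the sample rows, the three "Exploitation More Likely" fixes rank ahead of the 9.6 Power Platform spoofing bug; reorder the tuple in priority_key if your policy ranks CVSS above exploitability.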