Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The December 2023 edition of Patch Tuesday brings us 38 new fixes, with 7 rated as critical. We’ve listed the most important changes below.
Windows MSHTML Platform RCE Vulnerability
We start this lighter Patch Tuesday off with CVE-2023-35628. While it does not have the highest CVSS base score, Microsoft still lists it as likely to be exploited. It can be exploited by sending a specially crafted email that triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
Microsoft provided additional details regarding the exploitation:
Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim’s machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).
Microsoft
Internet Connection Sharing RCE Vulnerability
Second on the list are CVE-2023-35641 and CVE-2023-35630, vulnerabilities limited to devices running the Internet Connection Sharing (ICS) service. They have a CVSS base score of 8.8, and Microsoft mentions that exploitation is more likely. In addition to requiring the ICS service, an attack is limited to systems connected to the same network segment as the attacker. An attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.
If you want to get an overview of all devices and the ICS service status you can use the Internet Connection Sharing Service Audit.
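For environments without that report, the same check can be scripted. The following is an added example, not Lansweeper's or Microsoft's code: it queries each host for the ICS service and marks hosts where it is running. It assumes ICS is registered under the Windows service name `SharedAccess`, that `hosts.txt` (a hypothetical file) lists one computer name per line, and that remote CIM/WinRM access is available.

```powershell
# Added example: audit the Internet Connection Sharing (ICS) service on a list of hosts.
# Assumptions: ICS is the Windows service named 'SharedAccess'; hosts.txt is a
# hypothetical input file with one computer name per line; CIM/WinRM is reachable.
param(
    [string]$HostList = '.\hosts.txt'
)

$results = foreach ($computer in Get-Content -Path $HostList) {
    $computer = $computer.Trim()
    if (-not $computer) { continue }          # skip blank lines

    try {
        # Returns $null (no error) when the service does not exist on the host.
        $svc = Get-CimInstance -ClassName Win32_Service `
                               -Filter "Name='SharedAccess'" `
                               -ComputerName $computer -ErrorAction Stop
        if (-not $svc) {
            [pscustomobject]@{
                Computer = $computer; State = 'NotInstalled'
                StartMode = '-'; IcsRunning = $false
            }
            continue
        }

        [pscustomobject]@{
            Computer   = $computer
            State      = $svc.State        # Running, Stopped, ...
            StartMode  = $svc.StartMode    # Auto, Manual, Disabled
            # The CVEs above only apply to devices running the ICS service.
            IcsRunning = ($svc.State -eq 'Running')
        }
    }
    catch {
        # Keep unreachable hosts in the output so they are not silently skipped.
        [pscustomobject]@{
            Computer = $computer; State = 'Unreachable'
            StartMode = '-'; IcsRunning = $null
        }
    }
}

# Hosts with ICS running sort to the top; StartMode shows where it could still start.
$results | Sort-Object IcsRunning -Descending | Format-Table -AutoSize
```

Hosts reported as `Unreachable` need a follow-up check, since their ICS status is unknown rather than clean.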
Visual Studio Remote Code Execution
Visual Studio takes the crown this week for the most critical vulnerabilities. CVE-2023-36796, CVE-2023-36793, and CVE-2023-36792 are all critical, with CVE-2023-36794 being the only non-critical Visual Studio RCE.
Having Visual Studio installed is obviously a prerequisite, and exploitation of these vulnerabilities requires that an attacker convince a user to open a maliciously crafted package file in Visual Studio.
Run the Patch Tuesday December 2023 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report is color-coded so you can see which machines are up to date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday December 2023 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability |
CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability |
CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability |
CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability |
CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability |
CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability |
CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability |
CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability |
CVE-2023-36696 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
CVE-2023-36391 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
CVE-2023-36020 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2023-36009 | Microsoft Word Information Disclosure Vulnerability |
CVE-2023-36011 | Win32k Elevation of Privilege Vulnerability |
CVE-2023-20588 | AMD: CVE-2023-20588 AMD Speculative Leaks Security Notice |
CVE-2023-35625 | Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability |
CVE-2023-21740 | Windows Media Remote Code Execution Vulnerability |
CVE-2023-36010 | Microsoft Defender Denial of Service Vulnerability |
CVE-2023-36012 | DHCP Server Service Information Disclosure Vulnerability |
CVE-2023-36003 | XAML Diagnostics Elevation of Privilege Vulnerability |
CVE-2023-36004 | Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability |
CVE-2023-36005 | Windows Telephony Server Elevation of Privilege Vulnerability |
CVE-2023-36006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2023-35638 | DHCP Server Service Denial of Service Vulnerability |
CVE-2023-35639 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
CVE-2023-35642 | Internet Connection Sharing (ICS) Denial of Service Vulnerability |
CVE-2023-35643 | DHCP Server Service Information Disclosure Vulnerability |
CVE-2023-35644 | Windows Sysmain Service Elevation of Privilege |
CVE-2023-35629 | Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability |
CVE-2023-35631 | Win32k Elevation of Privilege Vulnerability |
CVE-2023-35632 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
CVE-2023-35633 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-35634 | Windows Bluetooth Driver Remote Code Execution Vulnerability |
CVE-2023-35635 | Windows Kernel Denial of Service Vulnerability |
CVE-2023-35636 | Microsoft Outlook Information Disclosure Vulnerability |
CVE-2023-35619 | Microsoft Outlook for Mac Spoofing Vulnerability |
CVE-2023-35621 | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability |
CVE-2023-35622 | Windows DNS Spoofing Vulnerability |
CVE-2023-35624 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |