Home > Cyber News > In 2023, Microsoft Addressed More Than 900 Flaws

In 2023, Microsoft Addressed More Than 900 Flaws

Microsoft’s December 2023 Patch Tuesday: Wrapping Up the Year

Microsoft bids farewell to 2023 with its final Patch Tuesday updates, addressing 33 flaws in its software. Remarkably, this release marks one of the lighter ones in recent years, featuring four Critical and 29 Important severity-rated fixes.

In 2023, Microsoft Addressed More Than 900 Flaws

Notably, these updates come on the heels of the company addressing 18 flaws in its Chromium-based Edge browser since the November 2023 Patch Tuesday release.

Despite the modest count, the software giant has been highly active in 2023, addressing over 900 flaws, making it a remarkably busy year for Microsoft patches. To put this into perspective, Redmond resolved 917 CVEs in 2022.

While none of the addressed vulnerabilities are currently listed as publicly known or under active attack, several notable ones stand out:

Key Vulnerabilities

  • CVE-2023-35628 (CVSS 8.1) – Windows MSHTML Platform Remote Code Execution Vulnerability
  • CVE-2023-35630 (CVSS 8.8) – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
  • CVE-2023-35636 (CVSS 6.5) – Microsoft Outlook Information Disclosure Vulnerability
  • CVE-2023-35639 (CVSS 8.8) – Microsoft ODBC Driver Remote Code Execution Vulnerability
  • CVE-2023-35641 (CVSS 8.8) – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
  • CVE-2023-35642 (CVSS 6.5) – Internet Connection Sharing (ICS) Denial-of-Service Vulnerability
  • CVE-2023-36019 (CVSS 9.6) – Microsoft Power Platform Connector Spoofing Vulnerability

CVE-2023-36019 is particularly noteworthy as it enables attackers to send a specially crafted URL, executing malicious scripts in the victim’s browser.

DHCP Server Service Vulnerabilities

Microsoft’s Patch Tuesday also addresses three flaws in the Dynamic Host Configuration Protocol (DHCP) server service, potentially leading to denial-of-service or information disclosure.

  • CVE-2023-35638 (CVSS 7.5) – DHCP Server Service Denial-of-Service Vulnerability
  • CVE-2023-35643 (CVSS 7.5) – DHCP Server Service Information Disclosure Vulnerability
  • CVE-2023-36012 (CVSS 5.3) – DHCP Server Service Information Disclosure Vulnerability

Recent discoveries by Akamai highlight new attacks against Active Directory domains using Microsoft DHCP servers, allowing attackers to spoof sensitive DNS records, potentially leading to credential theft or full Active Directory domain compromise.

In response, Microsoft recommends disabling DHCP DNS Dynamic Updates if not required and avoiding the use of DNSUpdateProxy.

As we conclude 2023, it’s not just Microsoft addressing security concerns. Numerous vendors, including Adobe, Amazon Web Services, Cisco, WordPress, and many others, have released security updates over the past few weeks to address vulnerabilities across a wide range of software and services. This collective effort underscores the ongoing commitment to bolstering cybersecurity across the digital landscape.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree