After celebrating the first 20 years of Patch Tuesday in November 2023, Microsoft concludes the year with a “roundup” of security updates intended for the resolution of 33 vulnerabilities. Today’s is the Patch Tuesday of the Redmond company lighter for four years now so much so that there is not even a problem that has previously been the subject of aggression and exploitation (zero-day).
From the list of updates documented on the ISC-SANS website, it is still worth extracting four patch of particular relevance: three are updates indicated by Microsoft as “critical”, one as “important”.
Microsoft Patch Tuesday December 2023: What are the critical security vulnerabilities
Among the security gaps resolved by Microsoft technicians, two (CVE-2023-35630 and CVE-2023-35641) concern the Internet connection sharing (ICS) on Windows 10, Windows 11 and Windows Server. An attacker could exploit the vulnerabilities in question to execute malicious code on the targeted computer by changing a particular option in DHCPv6 messages exchanged between devices. The problem, however, is limited to systems connected to the same network segment as the attacker.
MSHTML rendering engine suffers from critical vulnerability
Another critical vulnerability related toremote code execution it is CVE-2023-35628: in this case, the component affected by the problem is the well-known MSHTML, which until some time ago was the default rendering engine of Internet Explorer and Edge, before Microsoft embraced the Chromium code. mshtml.dll it is however present “behind the scenes” and the security flaw in question could be exploited by an attacker, for example, by sending a malicious email – appropriately structured – to a vulnerable Microsoft Outlook client. The gap could be triggered before the user even opens the email in preview pane.
New attacks on NTLM and Windows Media
Also relevant is the vulnerability identified as CVE-2023-35636: this time specifically focused on Outlook, it could lead to the exposure of hash NTLM i.e. user account passwords in format hashed.
Microsoft has long been working to mitigate attacks on NTLM, the communication protocol historically used in Windows operating systems. Indeed, Microsoft is also focusing heavily on a new one authentication system Kerberos to overcome NTLM, also on client systems and therefore not only on the server side.
Windows Media It also contains a remote code execution vulnerability that can be triggered when the user opens a specially crafted file. The CVE-2023-21740 flaw is also considered easy to exploit because the activation of the malicious code could begin with a simple double-click or opening a malicious element using Windows Media Player.