Microsoft’s December patch fixes 34 vulnerabilities and 1 zero-day

Microsoft’s December patch fixes 34 vulnerabilities and 1 zero-day

Microsoft released the December 2023 patch, which contains security updates for a total of 34 flaws and one unpatched zero-day vulnerability in AMD processors.

Although eight remote code execution (RCE) bugs have been fixed, Microsoft has rated only three of them as critical. In total, four critical vulnerabilities were identified: one in Power Platform (spoofing), two in Internet Connection Sharing (RCE), and one in Windows MSHTML Platform (RCE).

Below are the number of bugs in each vulnerability category:

10: Elevation of Privilege Vulnerabilities.

8: Remote code execution vulnerabilities.

6: Vulnerabilities to Information Disclosure.

5: Denial of Service Vulnerabilities.

5: Forgery Vulnerabilities.

These 34 flaws do not include the 8 Microsoft Edge bugs that were fixed on December 7.

This month’s patch fixes one zero-day vulnerability discovered in August that was previously unpatched.

CVE-2023-20588 – AMD Vulnerability: CVE-2023-20588 AMD Speculative Leaks is a divide-by-zero bug in certain AMD processors that could potentially return sensitive data.

“For affected products, AMD recommends following software development best practices. Developers can mitigate this problem by ensuring that no privileged data is used in allocation operations before the privilege limits are changed. AMD believes that the potential impact of this vulnerability is low because it requires local access.” AMD’s bulletin for CVE-2023-20588 says.

As part of the December Updates, Microsoft released a security update that addresses this bug on affected AMD processors.

ProIT previously reported that AMD introduced Threadripper 7000 for enthusiasts and 7000 PRO for professionals – the flagship has 96 cores.

Subscribe to ProIT in Telegramso you don’t miss a post!

Related posts