Many in the retail industry have placed our systems in 'lockdown' since before Thanksgiving to ensure we don't interrupt ongoing sales.
They won't be able to update them until after the holidays, but that doesn't mean they can't respond to threats.
The good news for the rest of you is that December Patch Tuesday is usually light regarding CVEs reported.
In addition to its appearance in Windows 11, they have begun introducing it to Windows 10 through the Insiders program, and will soon be available for preview to others.
Microsoft issued Manage Copilot in Windows last month to help us all with this upcoming challenge.
CISA. The Center for Information Security Agency first appeared on the map when they introduced the Known Exploited Vulnerabilities list and key dates for federal agencies to comply with systems updates.
We spend time each month discussing vulnerabilities that are being exploited because there are so many paths of entry and depths of penetration to consider.
At a low level of complexity to exploit, CVE-2023-36025 is a security bypass vulnerability which defeats Windows Defender SmartScreen checks.
Exploitable across the internet, the vulnerability is ideal for a phishing exploit as it only requires the user to click on a malicious URL. A fix was included in the November Patch Tuesday updates and the CVE was reported as Known Exploited, but now it is Publicly Disclosed as well.
In Linux systems, CVE-2021-3773 has been reported in OpenVPN, one of the most common secure access programs.
December 2023 Patch Tuesday forecast Microsoft introduced a series of Service Stack Updates last month and there may be more to come.
The Extended Security Updates for Server 2012 were rolled out without issue last month and will show up again next week, so if you are running unprotected on these older systems consider them an important risk-reducing Christmas purchase.
As I mentioned earlier, December is usually a light month with regards to CVEs addressed and I expect that to continue.
Expect all the Office and OS updates to have a few addressed.
Adobe released security updates for almost their entire product portfolio on November 11th. Unless there are some critical zero-days announced it should be quiet next week.
Apple released Safari 17.1.2, Sonoma 14.1.2, and iOS 17.1.2 updates last week.
Mozilla has shifted away from Patch Tuesday releases the last three months.
Firefox 120 and Firefox ESR and Thunderbird 115.5 were all updated on November 21st so make sure you have those fielded.
The holiday season can be hectic, but it looks like we may have a standard, easy Patch Tuesday week.
If you can, update your systems as usual, but if you are in lockdown continue to monitor your environment for suspicious activity.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Fri, 08 Dec 2023 06:43:05 +0000