Microsoft on Tuesday rolled out fixes for several critical security flaws in the Windows ecosystem and warned that hackers could target these issues to take complete control of unpatched machines.
As part of its regular Patch Tuesday releases, Microsoft documented at least 33 vulnerabilities across a range of products and called urgent attention to remote code execution bugs in the MSHTML Platform, the Microsoft Power Platform Connector and the Internet Connection Sharing components.
The world's largest software maker also incorporated Chromium security flaws haunting its Microsoft Edge browser and a publicly known AMD speculative execution issue.
In all, Redmond's security response team documented at least 42 vulnerabilities, including four tagged with the critical-severity rating.
According to data from ZDI, a company that tracks software vulnerabilities, the software giant has patched more than 900 CVEs this year, making it one of the busiest years for Microsoft patches.
Windows fleet administrators are urged to pay special attention to CVE-2023-36019, which addresses a critical spoofing bug in the Microsoft Power Platform Connector.
The issue carries a CVSS severity score of 9.6/10 and could be exploited via specially rigged URLs.
Microsoft also slapped a critical rating on a remotely exploitable code execution defect in the Windows MSHTML Platform and warned that an attacker could send a specially crafted email that triggers automatically when it is retrieved and processed by the Outlook client.
The December patches also fix a pair of critical Internet Connection Sharing flaws and multiple issues affecting Microsoft Office, Azure, Windows Defender and the Windows DNS and DHCP server.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 12 Dec 2023 21:28:05 +0000