Microsoft's monthly security update released Tuesday is the company's lightest in four years, including only 33 vulnerabilities.
Perhaps more notable is that there are no zero-day vulnerabilities included in December's Patch Tuesday, a rarity for Microsoft this year.
The company's regular set of advisories has included a vulnerability that's been actively exploited in the wild in 10 months this year.
There are four critical vulnerabilities that Microsoft released patches, three of which could lead to remote code execution.
Two of the critical vulnerabilities are CVE-2023-35630 and CVE-2023-35641, which exist in the Internet Connection Sharing service on certain versions of Windows 10, 11 and Windows Server.
An attacker could exploit these vulnerabilities to execute code on the targeted machine by modifying an option -> length field in a DHCPv6 DHCPV6 MESSAGE INFORMATION REQUEST input message.
This attack is limited to systems connected to the same network segment as the attacker.
Another critical remote code execution vulnerability is CVE-2023-35628, which exists in the Windows MSHTML Platform.
The MSHTML platform is used in different web browsers, including Microsoft Edge, and other web applications through its WebBrowser control.
An adversary could exploit this vulnerability by sending a specially crafted email that triggers automatically when the Microsoft Outlook client retrieves and processes it.
This means the vulnerability could be triggered before the user even opens the email in the Preview Pane.
An attacker could also put a malicious hyperlink in an email and trick the user into clicking on the link.
There is an information disclosure vulnerability in Microsoft Outlook that could lead to the leaking of NTLM hashes.
Attackers commonly use NTLM hashes in follow-on attacks, such as pass-the-hash.
An adversary could exploit this vulnerability by tricking the user into opening a specially crafted file, such as a lure document attached to a phishing email, or a file hosted on an attacker-controlled page they trick the user into opening in their web browser.
Windows Media also contains a remote code execution vulnerability that can be triggered if the user opens a specially crafted file.
A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.
In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them.
Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 62762 - 62771, 62786 and 62787.
This Cyber News was published on blog.talosintelligence.com. Publication date: Tue, 12 Dec 2023 20:13:04 +0000