Microsoft's December Patches Fix Four Critical Windows Vulnerabilities
Microsoft Corp. has issued crucial security updates for Windows operating systems and other software, addressing four critical vulnerabilities in the final Patch Tuesday of 2023. Among these are two remote code execution weaknesses that could allow malicious actors to take control of vulnerable devices.
The most pressing issue is CVE-2023-35628, affecting Windows 10 and later versions, as well as Microsoft Server 2008 and later. This vulnerability could be exploited by malware or cybercriminals to seize control of a vulnerable Windows device. Another critical vulnerability, CVE-2023-35641, is present in the Internet Connection Sharing (ICS) service in all versions of Windows since Windows 7, posing a similar threat.
Satnam Narang, Senior Staff Research Engineer in the Security Response Team at Tenable, has warned that Microsoft rated some of the non-critical vulnerabilities patched in the December batch as 'more likely to be exploited'. Additionally, an information disclosure vulnerability in Outlook, CVE-2023-35636, could lead to the disclosure of NTLM hashes, which could be leveraged in an NTLM relay or 'pass the hash' attack.
Fortunately, there are no known 'zero-day' threats targeting the vulnerabilities in December's patch batch. Users and administrators are urged to apply the security updates promptly to protect their systems from potential threats. Microsoft's proactive approach in addressing these critical issues demonstrates their commitment to maintaining the security of their platforms.