Skip to content
BLOG

Patch Tuesday December 2023

Jordan Hammond fun headshot
Jordan Hammond|December 12, 2023
Patch Tuesday October 2023
Patch Tuesday October 2023
Sections

All I wanted for Christmas was a light Patch Tuesday. I was clearly on my best behavior all year because this is the lightest month of patching I have seen in my two years of doing these write-ups.

I will now pause while everyone gathers to praise my super awesome behavior. Looks like my mom was wrong all of those years, and I am a saint.

Even the already known does not have an actual score and is just listed as an informational disclosure. Let's take a look at the lowlights ... that is, if we can find any.

  • Total exploits patched: 33

  • Critical patches: 4

  • Already known or exploited: 1

Some highlights (or lowlights)

  • CVE-2023-36019: This is the only exploit for the month that rates over a 9, coming in at a 9.6. It is a spoofing exploit attacking the Microsoft Power Platform connector. It does have a network attack vector, but it requires user interaction to exploit. The best defense for this one is a well-trained user base that won’t click on suspicious links. If this is one that you are at risk for, it will be listed in your M365 Admin Center. Check there to see if you should restart indiscriminate link-clicking.

  • CVE-2023-35641: This 8.8 comes in with an exploitation more likely rating, attacking Internet Connection Sharing (ICS), which is not often seen. The only thing keeping the score below a 9 is the attack vector is limited to adjacent. The attacker would need to be on your network from either a shared physical or logical network. This requires no user interaction or privileges, so if you have a server running ICS, get to patching.

  • CVE-2023-35628: This 8.1-rated remote code execution (RCE) attacks the Windows MSHTML platform. It has all of the risk factors to make it much higher but is considered difficult to pull off, lowering the score slightly. With this exploit, an attacker could send a malicious email that can trigger before it even reaches the preview pane in Outlook. A successful attack allows the attacker to run remote code on the victim’s machine.

Wrapping up

The important thing to remember is that I was, in fact, super well behaved all year, and I did not find a way to game the system. As the world’s foremost authority on good behavior, it would be unconscionable for me to even consider that.

If, in some hypothetical scenario, some loser in red finds out I beat his list and he tries to derail my magical holiday, I will be prepared to make it all vanish with automation, turning this potentially bad time into nothing.

You, too, can stick it to the self-proclaimed King of the Elves by automating your patching with PDQ Deploy, PDQ Inventory, and PDQ Connect! If you don’t hear from me again, know that the Xmas Illuminati got to me.

Loading...

Jordan Hammond fun headshot
Jordan Hammond

Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet.

Related articles

Illustration of computer with shield and lock that represents security

How to read a vulnerability scan report

SECURITY

Security green

What is attack surface management?

SECURITY

Illustration that shows logo of PDQ Connect

PDQ Connect announces custom fields

PRODUCT