
AsiaInfo Security CERT detected that Microsoft released security patches for 34 vulnerabilities on December Patch Day
Recently, AsiaInfo Security CERT detected that Microsoft released security patches for 34 vulnerabilities on December Patch Day (excluding previously released security updates such as those for Microsoft Edge), of which 4 were rated as urgent and 30 as important. They comprise 10 privilege escalation vulnerabilities, 8 remote code execution vulnerabilities, 5 spoofing vulnerabilities, 6 information leakage vulnerabilities, and 5 denial of service vulnerabilities. Microsoft also fixed one 0-day vulnerability and three critical remote code execution vulnerabilities. They are CVE-2023-20588 (AMD Speculative Leaks), CVE-2023-35628 (Windows MSHTML Platform Remote Code Execution Vulnerability), CVE-2023-35641 and CVE-2023-35630 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability), and CVE-2023-36019 (Microsoft Power Platform Connector Spoofing Vulnerability).
According to the expert analysis of AsiaInfo Security CERT, the following vulnerabilities are worth paying attention to:
1. Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2023-35628)
Windows MSHTML platform remote code execution vulnerability, vulnerability number CVE-2023-35628, rating: 8.1, risk level: important, currently not publicly disclosed, no exploitation in the wild found.
Windows MSHTML is a browser engine used to render web pages and is most commonly associated with Internet Explorer. Despite the discontinuation of support for the Internet Explorer (IE) 11 desktop application, the MSHTML vulnerability still exists and Microsoft is currently patching it. Attackers can exploit this vulnerability by sending a specially crafted email that triggers when it is retrieved and processed by the Outlook client. The vulnerability may be exploited even before the email is viewed in the preview pane. On successful exploitation, the attacker executes code on the target machine without any user interaction.
2. Internet Connection Sharing (ICS) Remote Code Execution Vulnerability (CVE-2023-35641)
Internet Connection Sharing (ICS) remote code execution vulnerability, vulnerability number CVE-2023-35641, rating: 8.8, risk level: critical, currently not publicly disclosed, no exploitation in the wild found.
Internet Connection Sharing is directly related to the wireless network connection of the system, providing network address translation, addressing, name resolution, or intrusion protection services for home and small office networks. This service is important for shared networks. For example, if you want to share a wireless connection, you need to keep the service turned on. If you disable it, Windows wireless sharing fails because the ICS service cannot start. Attackers can exploit this vulnerability by sending specially crafted DHCP messages to servers running the Internet Connection Sharing service. Successful exploitation of this vulnerability results in remote code execution by attackers within the same network.
3. Microsoft Outlook Information Leakage Vulnerability (CVE-2023-35636)
Microsoft Outlook information leak vulnerability, vulnerability number CVE-2023-35636, rating: 6.5, risk level: critical, currently not publicly disclosed, no exploitation in the wild found.
Microsoft Outlook is an email application developed by Microsoft Corporation in the United States. Successful exploitation of this vulnerability results in the leakage of NTLM hashes, which may be used as part of an NTLM relay or "pass-the-hash" attack, allowing attackers to disguise themselves as legitimate users without logging in.
Vulnerability Number
CVE-2023-20588
CVE-2023-21740
CVE-2023-35619
CVE-2023-35621
CVE-2023-35622
CVE-2023-35624
CVE-2023-35625
CVE-2023-35628
CVE-2023-35629
CVE-2023-35630
CVE-2023-35631
CVE-2023-35632
CVE-2023-35633
CVE-2023-35634
CVE-2023-35635
CVE-2023-35636
CVE-2023-35638
CVE-2023-35639
CVE-2023-35641
CVE-2023-35642
CVE-2023-35643
CVE-2023-35644
CVE-2023-36003
CVE-2023-36004
CVE-2023-36005
CVE-2023-36006
CVE-2023-36009
CVE-2023-36010
CVE-2023-36011
CVE-2023-36012
CVE-2023-36019
CVE-2023-36020
CVE-2023-36391
CVE-2023-36696
Affected products
Windows Media
Microsoft Edge (Chromium-based)
Microsoft Office Outlook
Microsoft Dynamics
Microsoft Windows DNS
Azure Connected Machine Agent
Azure Machine Learning
Windows MSHTML Platform
Windows USB Mass Storage Class Driver
Windows Internet Connection Sharing (ICS)
Windows Win32K
Windows Kernel
Microsoft Bluetooth Driver
Windows DHCP Server
Windows ODBC Driver
Windows Kernel-Mode Drivers
XAML Diagnostics
Windows DPAPI (Data Protection Application Programming Interface)
Windows Telephony Server
Microsoft WDAC OLE DB provider for SQL
Microsoft Office Word
Windows Defender
Microsoft Power Platform Connector
Windows Local Security Authority Subsystem Service (LSASS)
Windows Cloud Files Mini Filter Driver
Recommendations from AsiaInfo Security CERT
1. Windows Automatic Update
Microsoft Update is enabled by default, and when the system detects available updates, it will automatically download and install them on the next startup.
Click on the "Start Menu" or press the Windows shortcut key to enter "Settings".
Select "Update and Security" and enter "Windows Update" (you can also reach "Windows Update" through the Control Panel; the specific steps are "Control Panel" -> "System and Security" -> "Windows Update").
Select "Check for updates" and wait for the system to automatically check and download available updates.
Restart the computer. After the updates are installed, you can check whether each update was installed successfully by going to "Windows Update" -> "View Update History". For updates that have not been successfully installed, you can click on the update name to open the official Microsoft update description link, click on the latest SSU name, and then click on "Microsoft Update Catalog" in the new link. Then select the patch suitable for the target system in the new link to download and install it.
2. Manually install updates
For some system versions and applications that cannot be automatically updated, you can go to Microsoft's official website to download the corresponding patches for updates.
Download link:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul
Reference link
https://msrc.microsoft.com/update-guide/releaseNote/2023-Dec