In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, December 12, 2023. Today’s Patch Tuesday comes with fixes for One Zero-Day vulnerability and and 34 flaws.
What is Patch Tuesday?
Patch Tuesday is Microsoft’s initiative to release new security fixes for the Windows operating system and any other Microsoft software on a monthly basis. Your SensCy team will monitor such releases and provide you with our observations and recommendations.
Why is it important?
This month’s patch Tuesday is critical because it fixes One zero-day vulnerabilities (a vulnerability in a system or device that has been disclosed but is not yet patched). The SensCy team recommends Microsoft users install those patches immediately. The zero day was disclosed in August 2023.
CVE-2023-20588 is a vulnerability in AMD CPUs, “”For affected products, AMD recommends following software development best practices,” reads an AMD bulletin on CVE-2023-20588.
“”Developers can mitigate this issue by ensuring that no privileged data is used in division operations prior to changing privilege boundaries. AMD believes that the potential impact of this vulnerability is low because it requires local access. ”
In addition to the zero-day fix, Microsoft is also fixing 36 vulnerabilities, with Three classified as “Critical” as they allow remote code execution.
Here is a breakdown of each vulnerability category:
- 10 Elevation of Privilege Vulnerability
- 8 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 5 Spoofing Vulnerabilities
For more information on vulnerabilities and the system that it affects, please refer to the full report from Microsoft linked here.