Original Article Text


Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day

Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs.

While eight remote code execution (RCE) bugs were fixed, Microsoft only rated three as critical. In total, there were four critical vulnerabilities, with one in Power Platform (Spoofing), two in Internet Connection Sharing (RCE), and one in Windows MSHTML Platform (RCE).

The number of bugs in each vulnerability category is listed below:

The total count of 34 flaws does not include 8 Microsoft Edge flaws fixed on December 7th.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5033375 cumulative update and Windows 10 KB5033372 cumulative update.

One publicly disclosed zero-day fixed

This month's Patch Tuesday fixes one AMD zero-day vulnerability disclosed in August that previously remained unpatched.

The 'CVE-2023-20588 - AMD: CVE-2023-20588 AMD Speculative Leaks' vulnerability is a division-by-zero bug in specific AMD processors that could potentially return sensitive data.

The flaw was disclosed in August 2023, with AMD not providing any fixes other than recommending the following mitigation.

"For affected products, AMD recommends following software development best practices," reads an AMD bulletin on CVE-2023-20588.

"Developers can mitigate this issue by ensuring that no privileged data is used in division operations prior to changing privilege boundaries. AMD believes that the potential impact of this vulnerability is low because it requires local access."

As part of today's December Patch Tuesday updates, Microsoft has released a security update that resolves this bug in impacted AMD processors.

Recent updates from other companies

Other vendors who released updates or advisories in December 2023 include:

The December 2023 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the December 2023 Patch Tuesday updates. To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Daily Brief Summary

CYBERCRIME // Microsoft Rolls Out Fixes for 34 Vulnerabilities Including One Zero-Day

Microsoft's December 2023 Patch Tuesday addressed 34 security issues, among which was a previously disclosed but unpatched AMD CPU zero-day vulnerability.

Despite identifying eight remote code execution (RCE) bugs, only three received a critical rating from Microsoft.

The patch included fixes for four critical flaws, impacting Power Platform, Internet Connection Sharing, and the Windows MSHTML Platform.

The zero-day vulnerability, identified as 'CVE-2023-20588 - AMD: CVE-2023-20588 AMD Speculative Leaks,' is a division-by-zero error in selected AMD processors posing a risk of leaking sensitive data.

AMD's stance on the zero-day was to advise adherence to software development best practices, deeming the threat low due to the need for local access to exploit it.

Alongside Microsoft's updates, other companies have also issued updates or advisories for December 2023.

In-depth details of each resolved vulnerability from the December Patch Tuesday update are accessible for review in the full report.