Microsoft's December 2023 Patch Tuesday Release: Comment from Satnam Narang, Senior Staff Research Engineer, Tenable

Microsoft's December 2023 Patch Tuesday Release: Comment from Satnam Narang, Senior Staff Research Engineer, Tenable “Of the 33 vulnerabilities patched this month, 11 vulnerabilities are rated as Exploitation More Likely according to Microsoft. Nearly three-quarters of these flaws are elevation of privilege vulnerabilities, followed by remote code execution flaws at 18.2%. Typically, remote execution flaws get the most attention due to their impact, but elevation of privilege vulnerabilities are extremely valuable to attackers as they are often leveraged by advanced persistent threat (APT) actors and by determined cybercriminals seeking to elevate privileges as part of post-compromise activity.

“CVE-2023-35636 is an information disclosure vulnerability in Microsoft Outlook. An attacker could exploit this flaw by convincing a potential victim to open a specially crafted file that could be delivered via email or hosted on a malicious website. What makes this one stand out is that exploitation of this flaw would lead to the disclosure of NTLM hashes, which could be leveraged as part of an NTLM relay attackIt is reminiscent of CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook that was exploited in the wild as a zero day and patched in the March 2023 Patch Tuesday release. However, unlike CVE-2023-23397, CVE-2023-35636 is not exploitable via Microsoft’s Preview Pane, which lowers the severity of this flaw.

“CVE-2023-36696 is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. An attacker could exploit this vulnerability as part of post-compromise to elevate privileges to SYSTEM. It’s the sixth elevation of privilege vulnerability discovered in this driver in 2023. Last month, Microsoft patched CVE-2023-36036, a separate elevation of privilege flaw in the same driver that was exploited in the wild as a zero day.

“For 2023, Microsoft patched 909 CVEs, a slight decline of 0.87% from 2022, which saw Microsoft patch 917 CVEs. Severity wise, the majority of vulnerabilities in 2023 were rated as important, accounting for 90% of all CVEs patched, followed by critical at 9.6%. In 2023, Microsoft released patches for 23 zero-day vulnerabilities. Of the 23 zero-day vulnerabilities patched this year, over half (52.2%) were elevation of privilege flaws.” – Satnam Narang, Senior Staff Research Engineer, Tenable

Biz News Desk

26-Year-Old Woman with Rare and Life-Threating Pregnancy Tumour successfully treated at Fortis Hospital Nagarbhavi

Fazlani Nature’s Nest Launches “The Panchakarma Confidence Standard”

Understanding Salivary Gland Infections

Manipal Hospital Dhakuria successfully manages high-risk cardiac surgery with advanced airway care

Poor AQI in Mumbai Prompts Doctors to Caution Against Morning Outdoor Exercise

Habuild Launches ‘Har Ghar Yoga’ to Help India Start the Year with Healthy Habits

Electronic City Gets New Fertility Clinic as Indira IVF Expands in Bengaluru

KIMS Kondapur Achieves Breakthrough Cure for Rare Jaundice Condition Considered Inoperable Even Abroad

Revolutionizing Wellness: Orange Health Labs Launches Orange One to Transform Preventive Healthcare

Microsoft’s December 2023 Patch Tuesday Release: Comment from Satnam Narang, Senior Staff Research Engineer, Tenable

Leave a Reply Cancel reply

Aditya Birla Fashion Ranked India’s 1 and World’s 3 Most Sustainable Retail Company

RR Kabel announces the winners of Kabel Star Season 4 Celebrates four years of the scholarship program worth INR4 Crore

Excelsoft and ASEAMETRICS Partner with the Civil Service Commission of the Philippines to Deliver CSC Civil Service Digital Examination (CSC DeX)

Professional Housekeepers Association and Karnataka Pest Management Association Sign MoU at ‘Housekeeping Synergy 3.0’

Celebrate Republic Day with a Desi Brunch at Novotel Hyderabad Convention Centre

FIGSI Announces New Leadership for 2026 – 2028 Term

Aditya Birla Fashion Ranked India’s 1 and World’s 3 Most Sustainable Retail Company

RR Kabel announces the winners of Kabel Star Season 4 Celebrates four years of the scholarship program worth INR4 Crore

India–U.S. Relations and Global Peace in Focus as Dr. K. A. Paul Addresses Kansas Senate

Excelsoft and ASEAMETRICS Partner with the Civil Service Commission of the Philippines to Deliver CSC Civil Service Digital Examination (CSC DeX)

Professional Housekeepers Association and Karnataka Pest Management Association Sign MoU at ‘Housekeeping Synergy 3.0’

Celebrate Republic Day with a Desi Brunch at Novotel Hyderabad Convention Centre

FIGSI Announces New Leadership for 2026 – 2028 Term

Radisson Hotel Group appoints Sakshi Sehdev Dogra as Director Area Marketing & Communications – South Asia

Simplifying GST for Small Sellers: Trust as the Foundation

Luminous Power Technologies Appoints Vivek Abrol as MD & CEO

IIM Calcutta Innovation Park, Ratan Tata Innovation Hub, Visakhapatnam Partner to Back Market-Ready Andhra Startups with Capital and Scale Support

Royal Orchid Hotels Expands Leisure Portfolio with New Regenta Place Resort in Jim Corbett

Top Category

Aditya Birla Fashion Ranked India’s 1 and World’s 3 Most Sustainable Retail Company

RR Kabel announces the winners of Kabel Star Season 4 Celebrates four years of the scholarship program worth INR4 Crore

Excelsoft and ASEAMETRICS Partner with the Civil Service Commission of the Philippines to Deliver CSC Civil Service Digital Examination (CSC DeX)

Professional Housekeepers Association and Karnataka Pest Management Association Sign MoU at ‘Housekeeping Synergy 3.0’

Celebrate Republic Day with a Desi Brunch at Novotel Hyderabad Convention Centre

FIGSI Announces New Leadership for 2026 – 2028 Term

Radisson Hotel Group appoints Sakshi Sehdev Dogra as Director Area Marketing & Communications – South Asia

Simplifying GST for Small Sellers: Trust as the Foundation

Recent Post

Top Category

Business

Media Outreach Newswire

education

news