December 13, 2023 at 01:48AM
Microsoft’s final 2023 Patch Tuesday update addressed 33 flaws, with 4 rated Critical and 29 rated Important. This year, they’ve patched over 900 flaws, including vulnerabilities like remote code execution and information disclosure. Akamai also discovered attacks against Active Directory domains using Microsoft DHCP servers, prompting recommendations from Microsoft. Other vendors also released security updates this month.
From the meeting notes on Patch Tuesday for December 13, 2023, the key takeaways include:
– Microsoft released a total of 33 patches, addressing 36 flaws, with four rated as Critical and 29 as Important in severity. This is one of the lightest releases in recent years.
– Notable vulnerabilities include those with high CVSS scores, such as CVE-2023-35628, CVE-2023-35630, CVE-2023-35639, and CVE-2023-35641, which are related to remote code execution and information disclosure.
– There are also significant vulnerabilities in the Dynamic Host Configuration Protocol (DHCP) server service, which could lead to denial-of-service or information disclosure.
– Akamai discovered attacks against Active Directory domains that use Microsoft DHCP servers; these attacks let an attacker spoof sensitive DNS records, potentially leading to credential theft or full Active Directory domain compromise.
– Microsoft responded to the findings by recommending that users disable DHCP DNS Dynamic Updates if not required and refrain from using DNSUpdateProxy.
– Additionally, security updates have been released by other vendors.
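An added example (not from the original article or from Microsoft) of a read-only PowerShell audit for the two DHCP recommendations above: it lists the DHCP servers authorized in the domain, reports where DNS dynamic updates are enabled at server or scope level, and lists the members of the DnsUpdateProxy group. It assumes the DhcpServer and ActiveDirectory RSAT modules are installed and that the account can query each server; only IPv4 settings are checked.

```powershell
# Added example: read-only audit, makes no changes.
# Assumes the DhcpServer and ActiveDirectory RSAT modules are available.
Import-Module DhcpServer, ActiveDirectory

$findings = foreach ($server in Get-DhcpServerInDC) {
    $name = $server.DnsName

    # Server-level default for IPv4 DNS registration.
    try {
        $default = Get-DhcpServerv4DnsSetting -ComputerName $name -ErrorAction Stop
    } catch {
        Write-Warning "Could not query ${name}: $($_.Exception.Message)"
        continue
    }
    [pscustomobject]@{
        Server         = $name
        Scope          = '(server default)'
        DynamicUpdates = $default.DynamicUpdates
    }

    # Scope-level settings can override the server default.
    foreach ($scope in Get-DhcpServerv4Scope -ComputerName $name) {
        $setting = Get-DhcpServerv4DnsSetting -ComputerName $name -ScopeId $scope.ScopeId
        [pscustomobject]@{
            Server         = $name
            Scope          = $scope.ScopeId
            DynamicUpdates = $setting.DynamicUpdates
        }
    }
}

# Anything other than 'Never' means the DHCP server still registers DNS
# records on behalf of clients for that server or scope.
$findings | Where-Object { $_.DynamicUpdates -ne 'Never' } |
    Sort-Object Server, Scope | Format-Table -AutoSize

# Accounts in DnsUpdateProxy; the recommendation is not to use this group.
Get-ADGroupMember -Identity 'DnsUpdateProxy' |
    Select-Object Name, objectClass, distinguishedName

# Remediation, only where dynamic updates are not required:
# Set-DhcpServerv4DnsSetting -ComputerName <server> -DynamicUpdates Never
```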