December 12, 2023 at 03:36PM
Microsoft released critical security fixes for 33 vulnerabilities, including remote code execution bugs and flaws in its Edge browser. The company urged special attention to the CVE-2023-36019 spoofing bug and CVE-2023-35628 code execution defect. Additionally, the patches address issues in Office, Azure, Windows Defender, and the Windows DNS and DHCP server.
From the meeting notes, the key takeaways are:
– Microsoft has released fixes for several critical security flaws in the Windows ecosystem, addressing at least 33 vulnerabilities across various products.
– Urgent attention is called upon remote code execution bugs in the MSHTML Platform, the Microsoft Power Platform Connector, and the Internet Connection Sharing (ICS) components.
– Notably, there are security patches for vulnerabilities in the Microsoft Edge browser and a publicly known AMD speculative execution issue.
– Overall, there were at least 42 vulnerabilities documented, with four being tagged as critical-severity.
– Windows fleet administrators are particularly urged to focus on addressing CVE-2023-36019, a critical spoofing bug in the Microsoft Power Platform Connector.
– Microsoft also highlighted a critical remotely exploitable code execution defect in the Windows MSHTML Platform (CVE-2023-35628), warning about the potential risks associated with a specially crafted email triggering automatic exploitation in the Outlook client.
– The December patches also address critical Internet Connection Sharing (ICS) flaws and multiple issues affecting various Microsoft products such as Office, Azure, Windows Defender, and the Windows DNS and DHCP server.
Additionally, the meeting notes reference related news about Microsoft hiring a new CISO and updates on security patches from other companies, including Adobe, Apache, Google, and Apple.