Virtual Administrator’s December 2023 Patch Recommendations
This month Microsoft released patches for 35 vulnerabilities with 4 rated “Critical” in severity.
All patches will be approved in our patch policy.
Fewer patches this month and no new zero-day threats! The top priority this month is CVE-2023-35628. It is a flaw affecting MSHTML used by Windows and found in many applications – Office, Outlook, Skype and Teams. What’s so concerning is Microsoft writes this could be exploited “without a requirement that the victim open, read, or click on the link.” Microsoft also writes “exploitation of this vulnerability would rely upon complex memory shaping techniques to attempt an attack.” CVE-2023-35630 and CVE-2023-35641 are remote-code execution flaws affecting the Internet Connection Sharing (ICS) feature in Windows. Microsoft released mitigations for a speculative data leak in certain AMD processors disclosed in August CVE-2023-20588. New SSU for Windows Server 2008.
Disclosed: CVE-2023-20588
Exploited: None
FYI A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality (CVE-2023-20588) patched this month.
https://nvd.nist.gov/vuln/detail/CVE-2023-20588
Speculative Leaks Security Notice
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
Security Update Guide
https://msrc.microsoft.com/update-guide/en-us
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:12/12/2023)
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
NOTE: The Windows 10 Security Stack Updates are included in the monthly Cumulative Updates.
Known Issues
Potential problems with HP Smart app on devices with access to the Microsoft Store. Desktop icons may move on systems with multiple monitors. Narrator may not work on Windows 11 systems installed with ISO or media.
Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.
Good resource for known issues with Windows 10/11 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
Printer names and icons might be changed and HP Smart app automatically installs
Affected platforms: Windows 10/11, Server 2012/2016/2019/2022
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#3218msgdesc
Symptom: Some issues related to printer configurations are being observed on Windows devices which have access to the Microsoft Store
Status: Microsoft is investigating this issue and coordinating with partners on a solution.
Desktop icons might move unexpectedly between monitors
Affected platforms: Windows 10/11
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#3217msgdesc
Symptom: Windows devices using more than one (1) monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Copilot in Windows (in preview).
Status: We are working on a resolution and will provide an update in an upcoming release.
Narrator might not start if installing Windows 11, version 23H2 via ISO or media
Affected platforms: Windows 11
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23h2#3212msgdesc
Symptom: Narrator might not start if installing Windows 11, version 23H2 via ISO or media
This is only observed when using ISO or physical discs to install this Windows version
Status: We are working on a resolution and updated media which can be used to install Windows 11, version 23H2 without this issue. We will provide an update in an upcoming release.
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5033433 – Windows Server 2008 R2 (ESU)
- KB5033420 – Windows Server 2012 R2 (ESU)
- KB5033429 – Windows Server 2012 (ESU)
- KB5033422 – Windows Server 2008 (ESU)
Security Only Update
- KB5033424 – Windows Server 2008 R2 (ESU)
- None – Windows Server 2012 R2 (ESU)
- None – Windows Server 2012 (ESU)
- KB5033427 – Windows Server 2008 (ESU)
Cumulative Updates
Windows 10
- KB5033379 – Original release version 1507 (OS Build 10240)
- KB5033373 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5033371 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5033372 – Version 21H2 “November 2021 Update” (OS Build 19044)
- KB5033372 – Version 22H2 “November 2022 Update” (OS Build 19045)
(Versions 1511,1703,1709,1803,1903,1909,2004,20H2,21H1 are no longer under support)
Windows 11
- KB5033369 – 21H2 (OS Build 22000) Original release
- KB5033375 – 22H2 (OS Build 22621)
- KB5033375 – 23H2 (OS Build 22631)
Windows Server
- KB5033373- Server 2016 (same KB as Windows 10 Version 1607)
- KB5033371 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5033118 – Server 2022 (OS Build 20348)
5033376 – Cumulative security update for Internet Explorer
December 2023 updates for Microsoft Office
Notable CVEs
CVE-2023-20588 | AMD Speculative Leaks Security Notice
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-20588
This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.
CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup/IE Cumulative)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628
The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.
CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35630
This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.
Successful exploitation of this vulnerability requires the attacker to modify an option->length field in a DHCPv6 DHCPV6_MESSAGE_INFORMATION_REQUEST input message.
CVE-2023-35636 | Microsoft Outlook Information Disclosure Vulnerability (5002529)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35636
Exploitation of the vulnerability requires that a user open a specially crafted file.
- In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
- In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35641
This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.
To exploit this vulnerability, an attacker would need to send a maliciously crafted DHCP message to a server that runs the Internet Connection Sharing service.
CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36019
The user would have to click on a specially crafted URL to be compromised by the attacker.