Microsoft Security Bulletin Coverage for December 2023
Overview
Microsoft’s December 2023 Patch Tuesday includes 33 vulnerabilities, 10 of which are Elevation of Privilege. The vulnerabilities can be classified into the following categories:
- 10 Elevation of Privilege Vulnerabilities
- 8 Remote Code Execution Vulnerabilities
- 5 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 5 Spoofing Vulnerabilities
December Vulnerabilities by Impact
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2023 and has produced coverage for seven of the reported vulnerabilities.
Vulnerabilities with detections
CVE-2023-35631 Win32k Elevation of Privilege Vulnerability
ASPY 512 Exploit-exe exe.MP_353
CVE-2023-35632 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
ASPY 518 Exploit-exe exe.MP_359
CVE-2023-35633 Windows Kernel Elevation of Privilege Vulnerability
ASPY 513 Exploit-exe exe.MP_354
CVE-2023-35644 Windows Sysmain Service Elevation of Privilege Vulnerability
ASPY 514 Exploit-exe exe.MP_355
CVE-2023-36005 Windows Telephony Server Elevation of Privilege Vulnerability
ASPY 515 Exploit-exe exe.MP_356
CVE-2023-36391 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
ASPY 516 Exploit-exe exe.MP_357
CVE-2023-36696 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
ASPY 517 Exploit-exe exe.MP_358
Remote Code Execution Vulnerabilities
CVE-2023-21740 Windows Media Remote Code Execution Vulnerability
CVE-2023-35628 Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2023-35629 Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability
CVE-2023-35630 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
CVE-2023-35634 Windows Bluetooth Driver Remote Code Execution Vulnerability
CVE-2023-35639 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2023-35641 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
CVE-2023-36006 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Elevation of Privilege Vulnerabilities
CVE-2023-35624 Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2023-35631 Win32k Elevation of Privilege Vulnerability
CVE-2023-35632 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2023-35633 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35644 Windows Sysmain Service Elevation of Privilege Vulnerability
CVE-2023-36003 XAML Diagnostics Elevation of Privilege Vulnerability
CVE-2023-36005 Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2023-36011 Win32k Elevation of Privilege Vulnerability
CVE-2023-36391 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2023-36696 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Denial of Service Vulnerabilities
CVE-2023-35621 Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability
CVE-2023-35635 Windows Kernel Denial of Service Vulnerability
CVE-2023-35638 DHCP Server Service Denial of Service Vulnerability
CVE-2023-35642 Internet Connection Sharing (ICS) Denial of Service Vulnerability
CVE-2023-36010 Microsoft Defender Denial of Service Vulnerability
Information Disclosure Vulnerabilities
CVE-2023-35625 Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
CVE-2023-35636 Microsoft Outlook Information Disclosure Vulnerability
CVE-2023-35643 DHCP Server Service Information Disclosure Vulnerability
CVE-2023-36009 Microsoft Word Information Disclosure Vulnerability
CVE-2023-36012 DHCP Server Service Information Disclosure Vulnerability
Spoofing Vulnerabilities
CVE-2023-35619 Microsoft Outlook for Mac Spoofing Vulnerability
CVE-2023-35622 Windows DNS Spoofing Vulnerability
CVE-2023-36004 Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
CVE-2023-36019 Microsoft Power Platform Connector Spoofing Vulnerability
CVE-2023-36020 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability