Security Affairs
Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products, including a zero-day. Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products. The vulnerabilities addressed by the company impact Microsoft Windows and Windows Components; Office and Office Components; Azure, Microsoft Edge (Chromium-based); Windows Defender; Windows DNS […]

Microsoft Patch Tuesday

Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products, including a zero-day.

Microsoft Patch Tuesday security updates for December 2023 addressed 33 vulnerabilities in multiple products.

The vulnerabilities addressed by the company impact Microsoft Windows and Windows Components; Office and Office Components; Azure, Microsoft Edge (Chromium-based); Windows Defender; Windows DNS and DHCP server; and Microsoft Dynamic. The IT giant also addressed several Chromium issues.

Four vulnerabilities addressed by the company are rated Critical and 29 are rated Important in severity.

“The December release is typically small, and this month is no exception. In fact, this is the lightest release since December 2017. Still, with over 900 CVEs addressed this year, 2023 has been one of the busiest years for Microsoft patches.” reported ZDI.

Microsoft recommends to pay attention to a critical flaw affecting the MSHTML engine:

–       CVE-2023-35628 – Windows MSHTML Platform Remote Code Execution Vulnerability. An attacker can trigger this vulnerability by sending a specially crafted email which triggers automatically when it is processed by the Outlook client. The vulnerability is exploited BEFORE the email is viewed in the Preview Pane.

–       CVE-2023-36019 – Microsoft Power Platform Connector Spoofing Vulnerability. The vulnerability can be triggered by tricking a user to click on a specially crafted URL.

–       CVE-2023-35636 – Microsoft Outlook Information Disclosure Vulnerability. Successful exploitation of the flaw could allow the disclosure of NTLM hashes.

The full list of vulnerabilities addressed by the company is available here:

The researchers pointed out that no one of the flaws addressed by Microsoft Patch Tuesday security updates for December 2023 is actively exploited in the wild.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Patch Tuesday)