Friday , November 22 2024
Microsoft

MICROSOFT PATCH TUESDAY FIXED 4 CRITICAL FLAWS

infosecbulletin Wednesday , December 13 2023 International

In December 2023, Microsoft released security updates for multiple products, addressing 33 vulnerabilities.

The company’s vulnerabilities affect several Microsoft products, including Windows, Office, Azure, Microsoft Edge, Windows Defender, Windows DNS and DHCP server, and Microsoft Dynamic. The IT giant also addressed several Chromium issues.

Over 145,000 ICS Across 175 Countries Found Exposed Online

By infosecbulletin / Friday , November 22 2024
A study by Censys found that more than 145,000 Industrial Control Systems (ICS) are exposed online in 175 countries, highlighting...
Read More
Over 145,000 ICS Across 175 Countries Found Exposed Online

World to see AI powered “human washing machines”

By infosecbulletin / Friday , November 22 2024
Osaka-based showerhead maker Science Co. is developing a new version of human washing machine based on cutting-edge technology. The company...
Read More
World to see AI powered “human washing machines”

Hacker compromised over 2000 Palo Alto Networks Firewalls

By infosecbulletin / Friday , November 22 2024
Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack using two recently patched vulnerabilities (CVE-2024-0012 and...
Read More
Hacker compromised over 2000 Palo Alto Networks Firewalls

“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

By infosecbulletin / Thursday , November 21 2024
Renowned cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database having over 1.1 million records linked to Conduitor Limited (Forces Penpals)....
Read More
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE

By infosecbulletin / Wednesday , November 20 2024
Trend Micro released a security update for Deep Security 20 Agent Manual Scan Command Injection RCE Vulnerability (CVE-2024-51503) that resolves...
Read More
CVE-2024-51503 Trend Micro released updates for Deep Security Agent RCE

Apple Releases Patch for two Actively Exploited Zero-Day

By infosecbulletin / Wednesday , November 20 2024
Apple released critical updates for its various products including for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day...
Read More
Apple Releases Patch for two Actively Exploited Zero-Day

Maxar Space Data Leak, Company admit, Investigation ongoing!

By infosecbulletin / Tuesday , November 19 2024
Maxar Space Systems has verified a major data breach that exposed particular information of current and former workers. The breach...
Read More
Maxar Space Data Leak, Company admit, Investigation ongoing!

GitHub CLI Vulnerability Could Allow RCE

By infosecbulletin / Tuesday , November 19 2024
A security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) could allow remote code execution on users' devices. With...
Read More
GitHub CLI Vulnerability Could Allow RCE

“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data

By infosecbulletin / Tuesday , November 19 2024
“Sarcoma” ransomware group attacked a well known Bangladeshi insurance company named "Popular life insurance company ltd". The threat actor keeps...
Read More
“Sarcoma” ransomware group Hacker to disclose “Popular Life Insurance” 36 GB of stolen data

BugHunt 2024: A Milestone Cyber security Competition held at Dhaka

By infosecbulletin / Monday , November 18 2024
Bug Hunt 2024, one of the largest cyber security competitions and conferences in Bangladesh, was successfully held at the ICT...
Read More
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka

ALSO READ:

Bypassing major EDRS using “POOL PARTY”, Hackers revealed

Four vulnerabilities addressed by the company are rated Critical and 29 are rated Important in severity.

“The December release is typically small, and this month is no exception. In fact, this is the lightest release since December 2017. Still, with over 900 CVEs addressed this year, 2023 has been one of the busiest years for Microsoft patches.” reported ZDI.
Microsoft recommends to pay attention to a critical flaw affecting the MSHTML engine:

CVE-2023-35628 – There is a vulnerability in the MSHTML platform of Windows that allows an attacker to remotely execute code. This vulnerability can be triggered by a specially crafted email that is automatically processed by the Outlook client. The attack occurs before the email is viewed in the Preview Pane.

CVE-2023-36019 – Vulnerability in Microsoft Power Platform Connector allows spoofing. It can be activated by making the user click on a specially created URL.

CVE-2023-35636 – Microsoft Outlook has a vulnerability that could allow the disclosure of NTLM hashes.

The full list of vulnerabilities addressed by the company is available here:

The researchers noted that none of the security issues fixed in Microsoft Patch Tuesday updates for December 2023 are currently being exploited.

Check Also

Tower

CISA, FBI Warns
Hacker compromised multiple teleco network at US

US authorities have revealed a major cyberespionage campaign by hackers, targeting information from Americans in …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin