Wednesday , April 30 2025
Microsoft

MICROSOFT PATCH TUESDAY FIXED 4 CRITICAL FLAWS

infosecbulletin Wednesday , December 13 2023 International

In December 2023, Microsoft released security updates for multiple products, addressing 33 vulnerabilities.

The company’s vulnerabilities affect several Microsoft products, including Windows, Office, Azure, Microsoft Edge, Windows Defender, Windows DNS and DHCP server, and Microsoft Dynamic. The IT giant also addressed several Chromium issues.

Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol

By infosecbulletin / Wednesday , April 30 2025
Security vulnerabilities in Apple's AirPlay Protocol and SDK put both third-party and Apple devices at risk of various attacks, including...
Read More
Researcher Found Multiple Vulnerabilities In Apple’s AirPlay Protocol

Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

By infosecbulletin / Tuesday , April 29 2025
A recent increase in cyber reconnaissance has endangered thousands of organizations, as GreyNoise, a global threat intelligence platform, reported a...
Read More
Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

CISA Adds Actively Exploited Broadcom Flaws to KEV Database

By infosecbulletin / Tuesday , April 29 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity security flaws affecting Broadcom Brocade Fabric OS and Commvault...
Read More
CISA Adds Actively Exploited Broadcom Flaws to KEV Database

Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

By infosecbulletin / Tuesday , April 29 2025
Google's Threat Intelligence Group (GTIG) reported that in the year 2024, attackers exploited 75 zero-day vulnerabilities, with over 50% related...
Read More
Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

Palo Alto Networks to Acquire AI Security Firm “Protect AI”

By infosecbulletin / Tuesday , April 29 2025
On Monday, Palo Alto Networks confirmed it is acquiring the US-based AI security company Protect AI. Protect AI has created...
Read More
Palo Alto Networks to Acquire AI Security Firm “Protect AI”

CISA Releases Seven ICS Advisories

By infosecbulletin / Monday , April 28 2025
On April 24, 2025, CISA published seven advisories addressing security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS)....
Read More
CISA Releases Seven ICS Advisories

India Launches First Quantum Computing Village in Amaravati

By infosecbulletin / Monday , April 28 2025
India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing Village, a state-of-the-art project in...
Read More
India Launches First Quantum Computing Village in Amaravati

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

By infosecbulletin / Monday , April 28 2025
Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks....
Read More
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

By infosecbulletin / Monday , April 28 2025
Blind_Virus, DU_Featherless_Bipeds and Hidden investigations team secure the 1st , 2nd and 3rd positions accordingly for online preliminary round at...
Read More
30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

CVE-2025-43859
Request Smuggling Vulnerability in Python’s h11 HTTP Library

By infosecbulletin / Sunday , April 27 2025
A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python....
Read More
CVE-2025-43859 Request Smuggling Vulnerability in Python’s h11 HTTP Library

ALSO READ:

Bypassing major EDRS using “POOL PARTY”, Hackers revealed

Four vulnerabilities addressed by the company are rated Critical and 29 are rated Important in severity.

“The December release is typically small, and this month is no exception. In fact, this is the lightest release since December 2017. Still, with over 900 CVEs addressed this year, 2023 has been one of the busiest years for Microsoft patches.” reported ZDI.
Microsoft recommends to pay attention to a critical flaw affecting the MSHTML engine:

CVE-2023-35628 – There is a vulnerability in the MSHTML platform of Windows that allows an attacker to remotely execute code. This vulnerability can be triggered by a specially crafted email that is automatically processed by the Outlook client. The attack occurs before the email is viewed in the Preview Pane.

CVE-2023-36019 – Vulnerability in Microsoft Power Platform Connector allows spoofing. It can be activated by making the user click on a specially created URL.

CVE-2023-35636 – Microsoft Outlook has a vulnerability that could allow the disclosure of NTLM hashes.

The full list of vulnerabilities addressed by the company is available here:

The researchers noted that none of the security issues fixed in Microsoft Patch Tuesday updates for December 2023 are currently being exploited.

Check Also

symlink

16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin