Patch Tuesday de Diciembre

Patch Tuesday Webinar
Jueves 14 Diciembre 2023
Presentado por Daniel Gonzalez Fernandez y Jose Miguel Marcos Lorenzo

Agenda
December 2023 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A

Copyright © 2023 Ivanti. All rights reserved.
December Patch Tuesday 2023
Prepare yourself for some Holiday Cheer because we have a fairly lite lineup of updates to cover this
month. Microsoft released fixes for 34 new CVEs including 4 which are Critical. Apple released their
updates for iPad, iOS, and macOS on December 11 and Google Chrome is likely releasing an update
on Wednesday December 13. The most urgent CVEs all seem to be in the OS and browsers this
month, so primary focus is to prioritize the OS and browser updates. Happy Holidays and we will see
you again in January 2024!

In the News
§ Lazarus Group Using Log4j Exploits to Deploy Remote Access
Trojans
§ https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html
§ Log4j CVE-2021-44228 still vulnerable in 2.8% of applications using Log4j
§ Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of
PCs
§ https://www.darkreading.com/endpoint-security/critical-logofail-bugs-secure-
boot-bypass-millions-pcs
§ Vulnerability in Unified Extensible Firmware Interface (UEFI)
§ Launches malicious code embedded in the startup logo
§ Google Chrome released late in the day on Dec 12
§ https://chromereleases.googleblog.com/
§ 120.0.6099.0.109 released on Windows, Linux, and macOS, Resolves 9 CVEs

Publicly Disclosed Vulnerabilities
§ CVE-2023-20588 AMD Speculative Leaks Security Notice
§ CVSS 3.1 Scores: None reported yet
§ Severity: Important
§ AMD SB-7007 Notification - Speculative Leaks Security Notice (amd.com)
§ Impact: All currently supported Windows operating systems
§ Per Microsoft – The vulnerability assigned to this CVE is in certain processor
models offered by AMD. The mitigation for this vulnerability requires a Windows
update. This CVE is being documented in the Security Update Guide to announce
that the latest builds of Windows enable the mitigation and provide protection
against the vulnerability.

CVE-2023-3961 Additional Context:
§ CVSS 3: 9.8
§ Path traversal vulnerability in Samba,
§ A specially crafted path sent to a
vulnerable Samba server could trick it
into accessing data outside the shared
directories.
§ Given how prevalent Samba is in mixed
windows/Linux environments, this could
cause significant problems for file servers
running on Linux.
Happens when processing client pipe
names connecting to Unix domain sockets in
a private directory, which is meant to
connect SMB clients to remote procedure
call (RPC) services (such as SAMR LSA or
SPOOLSS).
Insufficient sanitization of incoming client
pipe names may result in an attacker or
client being able to send a pipe name
resolving to an external service using an
existing Unix domain socket.
New and Notable Linux Vulnerabilities: 1
Highlighted by TuxCare

CVE-2021-3773 Mitigation
§ CVSS 3: 9.8
§ Information disclosure in OpenVPN, a
common VPN solution on Linux systems.
§ It was found that a kernel flaw on the
netfilter code could expose endpoint
information to a remote attacker, which
could then be used for other attacks. On
untrusted networks, where this type of
protection is more valuable, it could
expose users to third parties.
Upgrade AlmaLinux:8 kernel-tools to version
0:4.18.0-372.9.1.el8 or higher.
This issue was patched in ALSA-2022:1988.

CVE-2023-4206
CVE-2023-4207
CVE-2023-4208
Additional Context:
§ CVSS 3: 7.5
§ A use-after-free flaw was found on the
kernel's network scheduler code that
could potentially be abused to obtain
local privilege escalation on essentially
any Linux system.
§ This code is present on most, if not all,
Linux distributions.
This is relevant because, if confirmed, it
can be very dangerous but also because it
got 3 CVE entries, all of which are currently
"undergoing reanalysis," and the pendulum
could swing either way - either a nothing -
burger or a very dangerous situation
indeed. At the very least, sysadmins should
keep an eye out on these advisories.
Mitigation
Prevent the module cls_u32 from being
loaded by blacklisting the module to
prevent it from loading automatically.

Microsoft Patch Tuesday Updates of Interest
§ Advisory 990001 Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
§ Server 2008 ESU Operating Systems
§ Azure and Development Tool Updates
§ Azure Logic Apps
§ Azure Connected Machine Agent
§ Azure Machine Learning SDK
Source: Microsoft

Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 10/14/2025
21H2 11/16/2021 6/11/2024
Windows 10 Home and Pro
22H2 10/18/2022 10/14/2025
Windows 11 Home and Pro
23H2 10/31/2023 11/11/2025
22H2 9/20/2022 10/8/2024
Windows 11 Enterprise and Education
23H2 10/31/2023 11/10/2026
22H2 9/20/2022 10/14/2025
21H2 10/4/2021 10/8/2024
https://docs.microsoft.com/en-us/lifecycle/faq/windows
Source: Microsoft

Server Long-term Servicing Channel Support
Server LTSC Support
Version Editions Release Date Mainstream Support Ends Extended Support Ends
Windows Server 2022 Datacenter and Standard 08/18/2021 10/13/2026 10/14/2031
Windows Server 2019
(Version 1809)
Datacenter, Essentials, and Standard 11/13/2018 01/09/2024 01/09/2029
Windows Server 2016
(Version 1607)
Datacenter, Essentials, and Standard 10/15/2016 01/11/2022 01/11/2027
https://learn.microsoft.com/en-us/windows-server/get-
started/windows-server-release-info
Source: Microsoft
§ Focused on server long-term stability
§ Major version releases every 2-3 years
§ 5 years mainstream and 5 years extended support
§ Server core or server with desktop experience available

Patch Content Announcements
§ Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)

MS23-12-W11: Windows 11 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, 23H2 and Edge
Chromium
§ Description: This bulletin references KB 5033369 (21H2) and KB 5033375
(22H2/23H2).
§ Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege,
and Information Disclosure
§ Fixes 18 Vulnerabilities: CVE-2023-20588 is publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slides

December Known Issues for Windows 11
§ KB 5033369 – Windows 11 21H2
§ [Encrypt Drive Reporting Error] Using the FixedDrivesEncryptionType or
SystemDrivesEncryptionType policy settings in the BitLocker configuration service
provider (CSP) node in mobile device management (MDM) apps might incorrectly
show a 65000 error in the "Require Device Encryption" setting for some devices in
your environment. Affected environments are those with the “Enforce drive
encryption type on operating system drives” or "Enforce drive encryption on fixed
drives" policies set to enabled and selecting either "full encryption" or "used space
only". Microsoft Intune is affected by this issue but third-party MDMs might also be
affected.
§ Important: This issue is a reporting issue only and does not affect drive encryption
or the reporting of other issues on the device, including other BitLocker issues.
§ Microsoft is working on a resolution

December Known Issues for Windows 11 (cont)
§ KB 5033375 – Windows 11 22H2/23H2
§ [Encrypt Drive Reporting Error]
§ [Icon Display] Windows devices using more than one (1) monitor might experience
issues with desktop icons moving unexpectedly between monitors or other icon
alignment issues when attempting to use Copilot in Windows (in preview).
§ [Emoji Display] The color font format for COLRv1 does not render properly. This
format enables Windows to display emoji with a 3D-like appearance.
§ [Narrator] When using physical media or disc images (ISO) to install Windows 11,
version 23H2 (also referred to as the Windows 11 2023 Update) on a device,
Microsoft Narrator might not start. Narrator is commonly initialized using keyboard
commands, such as Ctrl + Windows key + Enter. Although Narrator is present in
Windows when the installation process begins, it might open in an unresponsive
state when initialized using any method.
§ Microsoft is working on a resolution for all four issues.

MS23-12-W10: Windows 10 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
§ Description: This bulletin references 7 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege,
and Information Disclosure
§ Fixes 22 Vulnerabilities: CVE-2023-20588 is publicly disclosed. See the Security
Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide

December Known Issues for Windows 10
§ KB 5033372 – Windows 10 Enterprise and Education, version 21H2;
Windows 10 IoT Enterprise, version 21H2; Windows 10 Enterprise
Multi-Session, version 21H2; and Windows 10, version 22H2, all
editions
§ KB 5033371 – Win 10 Ent LTSC 2019, Win 10 IoT Ent LTSC 2019,
Windows 10 IoT Core 2019 LTSC, Windows Server 2019

MS23-12-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
§ Maximum Severity: Important
§ Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Information Disclosure
§ Fixes 2 Vulnerabilities: CVE-2023-35636 and CVE-2023-36009 are not known to
be exploited or publicly disclosed
§ Restart Required: Requires application restart
§ Known Issues: None reported

MS23-12-OFF: Security Updates for Microsoft Office
§ Maximum Severity: Important
§ Affected Products: Office 2016, and Office LTSC 2021 for Mac
§ Description: This security update resolves multiple security issues in Microsoft
Office suite. This bulletin references KB 5002520, KB 5002529 and release notes for
the Mac updates.
§ Impact: Information Disclosure and Spoofing
§ Fixes 3 Vulnerabilities: CVE-2023-35619, CVE-2023-35636 and CVE-2023-36009
are not known to be exploited or publicly disclosed
§ Restart Required: Requires application restart
§ Known Issues: None reported

Windows Release Summary
§ Security Updates (with CVEs): Google Chrome (2), Firefox (1), Firefox ESR (1), Foxit PDF Editor
(Subscription) (1), Foxit PDF Reader Consumer (1), Foxit PDF Reader Enterprise (2), Thunderbird (1)
§ Security Updates (w/o CVEs): CCleaner (1), Google Chrome (1), ClickShare App Machine-Wide
Installer (1), Docker For Windows (2), Dropbox (1), Evernote (5), Firefox (1), GoodSync (2), GIT for
Windows (1), Grammarly for Windows (2), Java Development Kit 21 (1), LibreOffice (3), Node.JS (Current)
(3), Node.JS (LTS Upper) (1), Notepad++ (1), Opera (4), PDF24 Creator (1), Paint.net (1), Plex Media
Server (1), Python (1), RedHat OpenJDK (1), Screenpresso (3), Skype (1), Slack Machine-Wide Installer
(2), Snagit (1), Splunk Universal Forwarder (2), Thunderbird (1), TeamViewer (2), Zoom Client (1), Zoom
Outlook Plugin (1), Zoom Rooms Client (1)
§ Non-Security Updates: 8x8 Work Desktop (1), AIMP (2), Bandicut (1), Bitwarden (1), Camtasia (1),
Google Drive File Stream (3), GeoGebra Classic (1), GoTo Connect (1), Inkscape (2), NextCloud Desktop
Client (1), Password Safe (1), RingCentral App (Machine-Wide Installer) (1), Rocket.Chat Desktop Client
(1), Cisco WebEx Teams (1), WeCom (3), WinMerge (1)

Windows Third Party CVE Information
§ Google Chrome 119.0.6045.200
§ CHROME-231128, QGC11906045200
§ Fixes 6 Vulnerabilities: CVE-2023-6345, CVE-2023-6346, CVE-2023-6347, CVE-
2023-6348’ CVE-2023-6350, CVE-2023-6351
§ CHROME-231205, QGC1200609963
2023-6511, CVE-2023-6512
§ Foxit PDF Reader Enterprise 12.1.3.15356
§ FPDFRE-231130, QFPDFRE1213MSP
2023-33866, CVE-2023-33876, CVE-2023-38105, CVE-2023-38106, CVE-2023-
38107, CVE-2023-38108, CVE-2023-38109, CVE-2023-38110, CVE-2023-38111,
CVE-2023-38112, CVE-2023-38113, CVE-2023-38114, CVE-2023-38115, CVE-2023-
38116, CVE-2023-38117, CVE-2023-38118, CVE-2023-38119

Windows Third Party CVE Information (cont)
§ Firefox 120.0
§ FF-231121, QFF1200
2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6210, CVE-2023-6211,
CVE-2023-6212, CVE-2023-6213
§ Firefox ESR 115.5.0
§ FFE-231121, QFFE11550
2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6212
§ Thunderbird 115.5.0
§ TB-231121, QTB11550
2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6212

Windows Third Party CVE Information (cont)
§ Foxit PDF Editor (Subscription) 2023.3.0.23028
§ FPDFES-231120, QFPDFES20233
§ Fixes 5 Vulnerabilities: CVE-2023-32616, CVE-2023-35985, CVE-2023-38573, CVE-2023-40194,
CVE-2023-41257
§ Foxit PDF Reader Consumer 2023.3.0.23028
§ FPDFRC-231120, QFPDFRC20233
CVE-2023-41257
§ Foxit PDF Reader Enterprise 2023.3.0.23028
§ FPDFRE-231120, QFPDFRE20233
CVE-2023-41257

Apple Release Summary
§ Security Updates (with CVEs): Apple macOS Sonoma (1), Google Chrome (2), Firefox (1),
Firefox ESR (1), Microsoft Edge (3), Powershell (1), Safari for Monterey (1), Safari for Ventura (1),
Thunderbird (1), Visual Studio Code (1)
§ Security Updates (w/o CVEs): None
§ Non-Security Updates: Brave (2), Calendar 366 II (1), Docker Desktop (2), Dropbox (1), Evernote
(5), Microsoft Office 2019 Excel (2), Firefox (1), Figma (1), Grammarly (6), HandBrake (1), Hazel (1),
Inkscape (2), LibreOffice (2), Microsoft Office 2019 Outlook (2), Microsoft Office 2019 PowerPoint (2),
Python-(4), Slack (2), Spotify (2), Sublime Text (2), Thunderbird (1), Microsoft Office 2019 Word (2), Zoom
Client for Mac (1)

Apple Updates with CVE Information
§ macOS Sonoma 14.1.2
§ HT214032
§ Fixes 2 Vulnerabilities: CVE-2023-42916, CVE-2023-42917
§ Safari 17.1.2 for Ventura and Monterey
§ HT214033

Apple Third Party CVE Information
§ CHROMEMAC-231128
§ Fixes 6 Vulnerabilities: CVE-2023-6345, CVE-2023-6346, CVE-2023-6347, CVE-2023-6348’
CVE-2023-6350, CVE-2023-6351
§ CHROMEMAC-231206
CVE-2023-6512
§ Visual Studio Code 1.85.0
§ VSCODE-231207
§ Fixes 1 Vulnerability: CVE-2023-5217

Apple Third Party CVE Information (cont)
§ Firefox 120.0
§ FF-231121
2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6210, CVE-2023-6211,
CVE-2023-6212, CVE-2023-6213
§ Firefox ESR 115.5.0
§ FFE-231121
2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6212
§ Thunderbird 115.5.0
§ TB-231121
2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6212

Apple Third Party CVE Information (cont)
§ Microsoft Edge 119.0.2151.72
§ MEDGEMAC-231117
§ MEDGEMAC-231129
§ MEDGEMAC-231207
§ Fixes 3 Vulnerabilities: CVE-2023-35618; CVE-2023-36880; CVE-2023-38174
§ Microsoft Powershell 7.4.0
§ PSHELLMAC-231128

Thank You!

Patch Tuesday de Diciembre

Recommended

Recommended

More Related Content

Similar to Patch Tuesday de Diciembre

Similar to Patch Tuesday de Diciembre (20)

More from Ivanti

More from Ivanti (8)

Recently uploaded

Recently uploaded (20)

Patch Tuesday de Diciembre