December 2023 Patch Tuesday

The December 2023 Patch Tuesday fixes 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs.

The number of bugs in each vulnerability category is listed below:

  • 10 Elevation of Privilege Vulnerabilities
  • 8 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 5 Spoofing Vulnerabilities

The total count of 34 flaws does not include 8 Microsoft Edge flaws fixed on December 7th.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5033375 cumulative update and Windows 10 KB5033372 cumulative update.

One publicly disclosed zero-day fixed

This month’s Patch Tuesday fixes one AMD zero-day vulnerability disclosed in August that previously remained unpatched.

The ‘CVE-2023-20588 – AMD: CVE-2023-20588 AMD Speculative Leaks’ vulnerability is a division-by-zero bug in specific AMD processors that could potentially return sensitive data.

The flaw was disclosed in August 2023, with AMD not providing any fixes other than recommending the following mitigation.

“For affected products, AMD recommends following software development best practices,” reads an AMD bulletin on CVE-2023-20588.

“Developers can mitigate this issue by ensuring that no privileged data is used in division operations prior to changing privilege boundaries. AMD believes that the potential impact of this vulnerability is low because it requires local access.”