All I wanted for Christmas was a light Patch Tuesday. I was clearly on my best behavior all year because this is the lightest month of patching I have seen in my two years of doing these write-ups.
I will now pause while everyone gathers to praise my super awesome behavior. Looks like my mom was wrong all of those years, and I am a saint.
Even the already known does not have an actual score and is just listed as an informational disclosure. Let's take a look at the lowlights ... that is, if we can find any.
Total exploits patched: 33
Critical patches: 4
Already known or exploited: 1
Some highlights (or lowlights)
CVE-2023-36019: This is the only exploit for the month that rates over a 9, coming in at a 9.6. It is a spoofing exploit attacking the Microsoft Power Platform connector. It does have a network attack vector, but it requires user interaction to exploit. The best defense for this one is a well-trained user base that won’t click on suspicious links. If this is one that you are at risk for, it will be listed in your M365 Admin Center. Check there to see if you should restart indiscriminate link-clicking.
CVE-2023-35641: This 8.8 comes in with an exploitation more likely rating, attacking Internet Connection Sharing (ICS), which is not often seen. The only thing keeping the score below a 9 is the attack vector is limited to adjacent. The attacker would need to be on your network from either a shared physical or logical network. This requires no user interaction or privileges, so if you have a server running ICS, get to patching.
CVE-2023-35628: This 8.1-rated remote code execution (RCE) attacks the Windows MSHTML platform. It has all of the risk factors to make it much higher but is considered difficult to pull off, lowering the score slightly. With this exploit, an attacker could send a malicious email that can trigger before it even reaches the preview pane in Outlook. A successful attack allows the attacker to run remote code on the victim’s machine.
Wrapping up
The important thing to remember is that I was, in fact, super well behaved all year, and I did not find a way to game the system. As the world’s foremost authority on good behavior, it would be unconscionable for me to even consider that.
If, in some hypothetical scenario, some loser in red finds out I beat his list and he tries to derail my magical holiday, I will be prepared to make it all vanish with automation, turning this potentially bad time into nothing.
You, too, can stick it to the self-proclaimed King of the Elves by automating your patching with PDQ Deploy, PDQ Inventory, and PDQ Connect! If you don’t hear from me again, know that the Xmas Illuminati got to me.
Loading...