Security News > 2023 > December > Final Patch Tuesday of 2023 goes out with a bang
Of these, four are rated critical - including three remote code execution vulnerabilities and one spoofing bug - and 29 important.
The only vulnerability listed as publicly disclosed in Microsoft's December patch party is a speculative leaks flaw in some AMD processors tracked as CVE-2023-20588 and first disclosed in August.
Patches for Illustrator, Substance 3D Sampler, Substance 3D Designer and After Effects all fix critical vulnerabilities that could lead to arbitrary code execution and memory leak.
Google's December security updates for Android fix 85 vulnerabilities, including three that "May be under limited, targeted exploitation." All three affect Qualcomm components: CVE-2023-33063 is in the kernel while CVE-2023-33107 and CVE-2023-33106 are in the display.
Cisco published a security advisory about a vulnerability in Apache Struts that may affect a long list of its products containing the software - but noted that it's still under investigation.
Rounding out the end-of-year petapalooza, VMware fixed a moderate-rated privilege escalation vulnerability in its VMware Workspace ONE Launcher product.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/13/december_2023_patch_tuesday/
Related news
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-33107 | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | 7.8 |
| 2023-12-05 | CVE-2023-33106 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | 7.8 |
| 2023-12-05 | CVE-2023-33063 | Use After Free vulnerability in Qualcomm products Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
| 2023-08-08 | CVE-2023-20588 | Divide By Zero vulnerability in multiple products A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 |