Final Patch Tuesday of 2023 goes out with a bang
Of these, four are rated critical - including three remote code execution vulnerabilities and one spoofing bug - and 29 important.
The only vulnerability listed as publicly disclosed in Microsoft's December patch party is a speculative leaks flaw in some AMD processors tracked as CVE-2023-20588 and first disclosed in August.
Patches for Illustrator, Substance 3D Sampler, Substance 3D Designer and After Effects all fix critical vulnerabilities that could lead to arbitrary code execution and memory leaks.
Google's December security updates for Android fix 85 vulnerabilities, including three that "may be under limited, targeted exploitation." All three affect Qualcomm components: CVE-2023-33063 is in the kernel while CVE-2023-33107 and CVE-2023-33106 are in the display.
Cisco published a security advisory about a vulnerability in Apache Struts that may affect a long list of its products containing the software - but noted that it's still under investigation.
Rounding out the end-of-year patchapalooza, VMware fixed a moderate-rated privilege escalation vulnerability in its VMware Workspace ONE Launcher product.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/13/december_2023_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-05 | CVE-2023-33107 | Integer Overflow or Wraparound vulnerability in Qualcomm products. Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | 7.8 |
2023-12-05 | CVE-2023-33106 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products. Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | 7.8 |
2023-12-05 | CVE-2023-33063 | Use After Free vulnerability in Qualcomm products. Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
2023-08-08 | CVE-2023-20588 | Divide By Zero vulnerability in multiple products. A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 |