Final Patch Tuesday of 2023 goes out with a bang
Of these, four are rated critical - including three remote code execution vulnerabilities and one spoofing bug - and 29 important.
The only vulnerability listed as publicly disclosed in Microsoft's December patch party is a speculative leaks flaw in some AMD processors tracked as CVE-2023-20588 and first disclosed in August.
Patches for Illustrator, Substance 3D Sampler, Substance 3D Designer and After Effects all fix critical vulnerabilities that could lead to arbitrary code execution and memory leaks.
Google's December security updates for Android fix 85 vulnerabilities, including three that "may be under limited, targeted exploitation." All three affect Qualcomm components: CVE-2023-33063 is in the kernel while CVE-2023-33107 and CVE-2023-33106 are in the display.
Cisco published a security advisory about a vulnerability in Apache Struts that may affect a long list of its products containing the software - but noted that it's still under investigation.
Rounding out the end-of-year patchapalooza, VMware fixed a moderate-rated privilege escalation vulnerability in its VMware Workspace ONE Launcher product.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/12/13/december_2023_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-05 | CVE-2023-33107 | Integer Overflow or Wraparound vulnerability in Qualcomm products. Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | 7.8 |
2023-12-05 | CVE-2023-33106 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products. Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | 7.8 |
2023-12-05 | CVE-2023-33063 | Use After Free vulnerability in Qualcomm products. Memory corruption in DSP Services during a remote call from HLOS to DSP. | 7.8 |
2023-08-08 | CVE-2023-20588 | Divide By Zero vulnerability in multiple products. A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 |