Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Users should update Windows immediately to fix 33 vulnerabilities
According to data from the Zero Day Initiative, Microsoft has patched more than 900 security vulnerabilities this year through Windows updates. There are no reports that these vulnerabilities have been made public or exploited in the wild, however, there are several notable vulnerabilities, including:
- CVE-2023-35628 (CVSS score: 8.1): Remote code execution vulnerability on Windows MSHTML platform
- CVE-2023-35630 (CVSS score: 8.8): Internet Connection Sharing (ICS) remote code execution vulnerability
- CVE-2023-35636 (CVSS score: 6.5): Microsoft Outlook information disclosure vulnerability
- CVE-2023-35639 (CVSS score: 8.8): Microsoft ODBC driver remote code execution vulnerability
- CVE-2023-35641 (CVSS score: 8.8): Internet Connection Sharing (ICS) remote code execution vulnerability
- CVE-2023-35642 (CVSS score: 6.5): Internet Connection Sharing (ICS) denial of service vulnerability
- CVE-2023-36019 (CVSS score: 9.6): Microsoft Power Platform connector spoofing vulnerability
- CVE-2023-36019 is also important because it allows an attacker to send a specially crafted URL to a target, leading to the execution of malicious scripts in the victim's browser.
Users should update Windows immediately to fix 33 vulnerabilities Picture 1
Microsoft said hackers can manipulate a malicious link, application or file to disguise it as a legitimate link or file to trick victims.
To limit attacks, users should update Windows as soon as possible by clicking on the Start menu and selecting Settings - Security & Update - Windows Update - Check for Updates.
Microsoft's final Patch Tuesday of 2023 also fixes three vulnerabilities in the DHCP server service, which could lead to denial of service or information disclosure.
- CVE-2023-35638 (CVSS score: 7.5): DHCP server service denial of service vulnerability
- CVE-2023-35643 (CVSS score: 7.5): DHCP server service information disclosure vulnerability
- CVE-2023-36012 (CVSS score: 5.3): DHCP server service information disclosure vulnerability
This revelation also comes as Akamai discovered a new series of attacks against Active Directory domains using Microsoft's DHCP server.
'These attacks could allow attackers to spoof sensitive DNS records, stealing credentials,' Ori David said in a report last week.
However, Microsoft says that these issues are not serious enough to receive Windows updates, and asks users to disable DHCP DNS Dynamic Updates if not necessary and not to use DNSUpdateProxy.
Micah SotoYou should read it
- Microsoft updated Patch Tuesday in October 2020, patching the 'Ping of Death' vulnerability on Windows 10
- Microsoft releases new Patch Tuesday update for Windows 10
- Microsoft patched a series of serious bugs for IE and Office next Tuesday
- Patch Tuesday security patch causes blue screen errors and slows down Windows 10
- Microsoft is about to release Patch Tuesday
- Microsoft released patches for more than 100 security holes on Windows
- Microsoft fixes 61 vulnerabilities in latest Windows update
- Microsoft releases new update for Windows 10 and 11, fixing VPN errors
- Microsoft confirms Patch Tuesday patch May 2022 causes AD authentication error
- Microsoft released an updated patch for 25 critical security holes
- Update KB5013943 fixes screen flickering and problems with .NET apps on Windows 11
- Microsoft releases Windows 10 update KB5006670 to fix taskbar errors
Security solution
Microsoft fixes 61 vulnerabilities in latest Windows update- Should I download the CyberGhost VPN Free Proxy browser add-on?
- Should you use a password generator to protect your online accounts?
- 11 most effective antivirus software for Windows 2023
- The most common ways that hackers use to hack your Facebook account
- Is it more secure to store passwords with hardware or software?
Microsoft fixes 61 vulnerabilities in latest Windows update
Should I download the CyberGhost VPN Free Proxy browser add-on?
Should you use a password generator to protect your online accounts?
11 most effective antivirus software for Windows 2023
The most common ways that hackers use to hack your Facebook account
Is it more secure to store passwords with hardware or software?