Microsoft’s December 2023 Patch Tuesday Addresses 34 Vulnerabilities, Including an AMD Zero-Day

December 12, 2023

Microsoft's December 2023 Patch Tuesday has seen the release of security updates addressing a total of 34 vulnerabilities, including one previously disclosed but unpatched flaw in AMD CPUs. Out of the total, eight were remote code execution (RCE) bugs, of which three were deemed critical.

In total, four vulnerabilities were classified as critical. These included a spoofing vulnerability in Power Platform, two RCE vulnerabilities in Internet Connection Sharing, and one RCE vulnerability in the Windows MSHTML Platform. The overall count of 34 flaws does not take into account the eight Microsoft Edge flaws that were rectified on December 7th.

Comprehensive information about the non-security updates released on this day can be found in dedicated articles on the new Windows 11 KB5033375 cumulative update and Windows 10 KB5033372 cumulative update.

This month's Patch Tuesday also addressed an AMD zero-day vulnerability, tracked as CVE-2023-20588 ('AMD: CVE-2023-20588 AMD Speculative Leaks'), that was disclosed back in August but remained unpatched until now. This division-by-zero bug, found in certain AMD processors, could potentially leak sensitive data.

AMD had not provided any fixes for this flaw, other than recommending mitigation strategies. According to an AMD bulletin on CVE-2023-20588, 'For affected products, AMD recommends following software development best practices. Developers can mitigate this issue by ensuring that no privileged data is used in division operations prior to changing privilege boundaries. AMD believes that the potential impact of this vulnerability is low because it requires local access.'

As part of the December Patch Tuesday updates, Microsoft has now released a security update that resolves this bug in the affected AMD processors.
