What is Patch Tuesday
Patch Tuesday refers to regular, scheduled releases of software patches and updates by various technology companies, including Microsoft, Adobe, Oracle etc. It occurs on the second Tuesday of each month. During Patch Tuesday, Microsoft releases:
Security Updates
Bug Fixes
Improvements in its products (Windows OS, MS Office, other supported MS applications)
December 2023
Microsoft has rolled out security patches covering 36 vulnerabilities. Currently, there is no evidence of active exploitation and no proof of concept exploits have been discovered. It is noticeable that this month's release note is less comprehensive compared to previous months.
Products
In the provided image below, we can see that the primary vulnerable products are Windows Internet Connection Sharing (ICS), followed by Microsoft Edge (Chromium-Based) and Windows DHCP Server.
Vulnerability Types
In the image below we can observe that the predominant vulnerability type for this month is elevation of privilege (11), trailed by remote code execution (8) and Information Disclosure (7) respectively.
The below heatmap depicts the distribution of various vulnerability types per MS product.
CVSSv3 Score Distribution
It becomes evident that a significant majority of vulnerabilities gravitates towards the range of 7 to 9. This cluster underscores the high to critical severity of these vulnerabilities.
Statistics related to CVSSv3 score distribution:
mean: 7.3
min: 4.3
max: 9.6
median: 7.5
PRIOn KB Prioritization Decision Engine
PRIOn KB prioritization decision engine provides sensible default prioritization for vulnerabilities, which can also be customized to align with your security policies and requirements. The below pie chart provides a visual presentation of the distribution of vulnerabilities analysed via the PRIOn KB decision engine. At a glance, it becomes evident that the majority of the vulnerabilities, comprising a substantial 69.4% (25) of the total, fall into the "Significant" risk priority level. The "Routine" priority level makes up 30.6% (11) of the chart. As of now, none of the vulnerabilities being analysed fall into the "urgent" or "immediate" risk priority level.
In the table below, we have arranged all the examined CVEs by priority.
CVE | Score | Priority Label |
|---|---|---|
68 | Significant | |
66 | Significant | |
63 | Significant | |
62 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
61 | Significant | |
59 | Routine | |
59 | Routine | |
59 | Routine | |
59 | Routine | |
59 | Routine | |
59 | Routine | |
59 | Routine | |
59 | Routine | |
59 | Routine | |
59 | Routine | |
59 | Routine |
How PRIOn can help
PRIOn is an AI driven vulnerability prioritization technology. PRIOn is here to automatically prioritize vulnerabilities, public or private, that matter most across your entire environment. Contact us here for any inquiry/demo. We are here to assist you to transform your vulnerability management lifecycle.
