#windows

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known "zero-day" threats targeting any of the vulnerabilities in December's patch batch. Still, four of the updates pushed out today address "critical" vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device with little or no help from users.

The company’s regular set of advisories has included a vulnerability that’s been actively exploited in the wild in 10 months this year.

Windows Media Remote Code Execution Vulnerability

Windows DNS Spoofing Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Windows Sysmain Service Elevation of Privilege

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Windows Telephony Server Elevation of Privilege Vulnerability

Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability