Patchday December 2023: Microsoft delivers last patches of the year

Like every second Tuesday of the month, Microsoft has not skipped the December 2023 Patchday. However, it is noticeable that the holidays are approaching and Microsoft has only focused on the most important patches. Nevertheless, some security vulnerabilities in Windows 10 and Windows 11 were closed on Patchday December 2023.

Microsoft Patchday December 2023 closes three critical vulnerabilities in Windows

Most of the patches on Patchday December 2023 affect Microsoft's Windows operating system. Windows 10 is known to receive updates until October 2025. After that, the service must be extended for a fee. Windows 11 will continue to receive support beyond this date.

Most patches currently affect both operating systems. In the December patchday, Microsoft was able to close a security gap that was still a remnant from the days of Internet Explorer. Attackers were able to send malware to users' computers using specially crafted emails. The malicious code was already deployed before the e-mail was opened in Outlook. The recipients therefore did not even have to take any action to allow the malicious code onto their hard disks. Fortunately, this is a rather rare phenomenon that was eliminated with Patchday 2023.

Microsoft also eliminated two threats classified as critical with a CVSS score of 8.8 - the CVSS score (Common Vulnerability Scoring System) is an algorithm that classifies cyber threats on a scale of 1 to 10. These threats concerned the shared use of an internet connection. Attackers could use it to send data packets to victims with whom they share an internet connection. Although they usually have to gain access first, this is not impossible.

Incidentally, Microsoft has given the all-clear to the extent that the vulnerabilities have not yet been publicly known and have therefore not been exploited by any cyber criminals. However, you should of course still install the new updates as soon as possible. The vulnerabilities have been known since the December 2023 patchday at the latest and it would otherwise only be a matter of time before hackers exploited them.

Patches for Microsoft Power Platform and Microsoft Azure

A bug in Microsoft Power Platform had the highest rating in the CVSS score in the December 2023 patchday. With a 9.6, this security risk almost reached the high score. All the better that Microsoft was able to fix the bug. Malicious scripts could be injected into the user's browser via a special link.

Two vulnerabilities classified as "important" were closed with Patchday 2023 in Microsoft Azure. Both affected machine learning and the connection to the user's account.

In total, Microsoft fixed 33 bugs for Windows, Azure, Power Platform, Edge, Word, Outlook and other programs and applications with the December 2023 Patchday. This is relatively few (in November there were more than 60), but in a way it is already a tradition for Microsoft to take a step back in December and focus on the most important patches. The next patch day will then take place in January.

Use the secure Microsoft Power Platform with skill it

The Microsoft Power Platform has become more secure with the December 2023 patchday. In our seminars you can learn what is possible with the Power Platform. Among other things, we offer a course for beginners: In Microsoft Power Platform Fundamentals you will learn the basics of the Power Platform. If you already have experience, you can take Microsoft Power BI Data Analyst to deepen your knowledge of data analysis in the Power Platform or in the three-day course Microsoft Power Platform App Maker Develop PowerApps.