December Microsoft Patch Tuesday
December has arrived with a series of crucial updates from Microsoft, marking a significant moment for Windows 10 and Windows 11 users. The Patch Tuesday event, which took place on December 12, witnessed the release of important cumulative updates that brought improvements and fixes to both operating systems. In this article, we will delve into the details of the news and changes introduced by these updates, highlighting how they will impact the user experience.
Upgrade to Windows 11 Professional
Security Updates on Windows 10 and Windows 11
Microsoft has placed a strong emphasis on security with its latest updates, addressing a total of 34 security vulnerabilities, 8 of which were classified as critical. These fixes are essential to protect users’ data and devices from potential malware attacks or unauthorized access.
KB5033375 Update for Windows 11
The KB5033375 update for Windows 11 has introduced significant improvements in both security and functionality. Here are some of the key features:
- Copilot in Windows: One of the most exciting developments is the introduction of Copilot, the AI-based virtual assistant from OpenAI, now available on Windows 10 for all users. This revolutionary tool offers support for various tasks, from programming to internet research, all through simple voice or text commands.
- UI Enhancements: Windows 11 now allows you to use Copilot on multiple screens, improving accessibility and efficiency.
- Performance Improvements: The update has also brought improvements in Copilot’s speed of opening and has resolved some technical issues, such as IE mode freezing and file explorer problems.
- Energy Optimization: A focus on dynamic lighting has led to reduced energy consumption, which is particularly important for users on portable devices.
KB5033372 Update for Windows 10
The KB5033372 update for Windows 10 also focused on security and introduced some interesting features:
- Copilot Button in Windows: Similar to Windows 11, Windows 10 has received the Copilot button, appearing on the taskbar, offering quick and easy access to the virtual assistant.
- News & Interests Feature: This feature has been expanded to provide a better user experience and quicker access to relevant information.
- Updated Update Settings: Users now have more control over update installations, with the option to download the latest updates as soon as they are available.
Critical Vulnerabilities Resolved
From the list of updates provided by ISC-SANS, four patches of particular importance emerge, with three classified as “critical” and one as “important.”
CVE-2023-35630 and CVE-2023-35641: Internet Connection Sharing (ICS)
These two critical vulnerabilities affect Windows 10, Windows 11, and Windows Server. An attacker could exploit them to execute malicious code on a computer by manipulating specific options in DHCPv6 messages. However, this risk is limited to devices connected to the attacker’s network segment.
CVE-2023-35628: MSHTML Rendering Engine
MSHTML, formerly the rendering engine for Internet Explorer and Edge before Microsoft’s adoption of Chromium, is at the center of this critical vulnerability. An attacker could exploit it by sending a malicious email to a vulnerable Microsoft Outlook client, potentially triggering the flaw even in the email preview pane.
CVE-2023-35636: NTLM and Outlook Attacks
This Outlook-specific vulnerability could lead to the exposure of NTLM hashes, which are user passwords in hashed format. Microsoft is working to mitigate NTLM attacks and is promoting the use of the more secure Kerberos authentication protocol on both client and server systems.
CVE-2023-21740: Windows Media
Finally, a vulnerability in Windows Media related to remote code execution can be exploited by opening a malicious file. Considered easily exploitable, activating the malicious code can occur with a simple double-click or by opening a malicious item with Windows Media Player.
Updates for Windows 10 and Windows 11 can be installed automatically through Windows Update. Users also have the option to manually force installation through the operating system settings or by downloading the package from the Microsoft Update Catalog.
In conclusion, the December Microsoft Patch Tuesday has brought significant improvements to both Windows 10 and Windows 11. With a strong focus on security and the introduction of innovative features like Copilot, the updates have significantly enhanced the user experience, offering new possibilities and greater protection. Users of both operating systems will benefit from these new features and improvements, making their digital experience more secure, efficient, and enjoyable.