Microsoft January 2023 Patch Tuesday
In the first Patch Tuesday of 2023, we got patches for 98 vulnerabilities. Of these, 11 are critical, 1 was previously disclosed, and 1 is already being exploited, according to Microsoft.
The zero-day is an Elevation of Privilege Vulnerability in Windows Advanced Local Procedure Call (ALPC) (CVE-2023-21674). According to the advisory, exploitation of this vulnerability could lead to a browser sandbox escape and give the attacker SYSTEM privileges. This vulnerability deserves prioritization as it is already being exploited. The CVSS score of this vulnerability is 8.8, the highest this month.
The previously disclosed vulnerability is an elevation of privilege vulnerability affecting the Windows SMB Witness Service (CVE-2023-21549). According to the advisory, to exploit this vulnerability, an attacker could execute a specially crafted malicious script that executes an RPC call to an RPC host. This could result in elevation of privilege on the server. An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only. The CVSS score of this vulnerability is 8.8 as well.
There is a third critical elevation of privilege vulnerability with CVSS 8.8. This one affects Microsoft Cryptographic Services (CVE-2023-21561). According to the advisory, a locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM.
Among the critical vulnerabilities, there are 7 remote code execution, 3 elevation of privilege, and 1 security feature bypass. None of the critical vulnerabilities is marked as “Exploitation More Likely” in the Microsoft exploitability assessment.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
January 2023 Security Updates
Description / CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
---|---|---|---|---|---|---|---|
.NET Denial of Service Vulnerability | |||||||
CVE-2023-21538 | No | No | - | - | Important | 7.5 | 6.5 |
3D Builder Remote Code Execution Vulnerability | |||||||
CVE-2023-21780 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21781 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21782 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21784 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21786 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21791 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21793 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21783 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21785 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21787 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21788 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21789 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21790 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21792 | No | No | - | - | Important | 7.8 | 6.8 |
Azure Service Fabric Container Elevation of Privilege Vulnerability | |||||||
CVE-2023-21531 | No | No | - | - | Important | 7.0 | 6.1 |
BitLocker Security Feature Bypass Vulnerability | |||||||
CVE-2023-21563 | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 |
Event Tracing for Windows Information Disclosure Vulnerability | |||||||
CVE-2023-21753 | No | No | - | - | Important | 5.5 | 4.8 |
CVE-2023-21536 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | |||||||
CVE-2023-21547 | No | No | - | - | Important | 7.5 | 6.5 |
Microsoft Cryptographic Services Elevation of Privilege Vulnerability | |||||||
CVE-2023-21551 | No | No | - | - | Critical | 7.8 | 6.8 |
CVE-2023-21561 | No | No | Unlikely | Less Likely | Critical | 8.8 | 7.7 |
CVE-2023-21730 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
Microsoft DWM Core Library Elevation of Privilege Vulnerability | |||||||
CVE-2023-21724 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
CVE-2023-21763 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21764 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft Exchange Server Information Disclosure Vulnerability | |||||||
CVE-2023-21761 | No | No | - | - | Important | 7.5 | 6.5 |
Microsoft Exchange Server Spoofing Vulnerability | |||||||
CVE-2023-21762 | No | No | - | - | Important | 8.0 | 7.0 |
CVE-2023-21745 | No | No | - | - | Important | 8.0 | 7.0 |
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | |||||||
CVE-2023-21537 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||||
CVE-2023-21732 | No | No | - | - | Important | 8.8 | 7.7 |
Microsoft Office Remote Code Execution Vulnerability | |||||||
CVE-2023-21734 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21735 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft Office Visio Information Disclosure Vulnerability | |||||||
CVE-2023-21741 | No | No | - | - | Important | 7.1 | 6.2 |
Microsoft Office Visio Remote Code Execution Vulnerability | |||||||
CVE-2023-21736 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21737 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21738 | No | No | - | - | Important | 7.1 | 6.2 |
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
CVE-2023-21742 | No | No | - | - | Important | 8.8 | 7.7 |
CVE-2023-21744 | No | No | - | - | Important | 8.8 | 7.7 |
Microsoft SharePoint Server Security Feature Bypass Vulnerability | |||||||
CVE-2023-21743 | No | No | - | - | Critical | 5.3 | 4.6 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||||
CVE-2023-21681 | No | No | - | - | Important | 8.8 | 7.7 |
Remote Procedure Call Runtime Denial of Service Vulnerability | |||||||
CVE-2023-21525 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
Visual Studio Code Remote Code Execution | |||||||
CVE-2023-21779 | No | No | - | - | Important | 7.3 | 6.4 |
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | |||||||
CVE-2023-21674 | No | Yes | - | - | Important | 8.8 | 8.2 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||||
CVE-2023-21768 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Authentication Remote Code Execution Vulnerability | |||||||
CVE-2023-21539 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows Backup Service Elevation of Privilege Vulnerability | |||||||
CVE-2023-21752 | No | No | More Likely | Less Likely | Important | 7.1 | 6.2 |
Windows Bind Filter Driver Elevation of Privilege Vulnerability | |||||||
CVE-2023-21733 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows Bluetooth Driver Elevation of Privilege Vulnerability | |||||||
CVE-2023-21739 | No | No | - | - | Important | 7.0 | 6.1 |
Windows Boot Manager Security Feature Bypass Vulnerability | |||||||
CVE-2023-21560 | No | No | More Likely | Less Likely | Important | 6.6 | 5.8 |
Windows Credential Manager User Interface Elevation of Privilege Vulnerability | |||||||
CVE-2023-21726 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows Cryptographic Information Disclosure Vulnerability | |||||||
CVE-2023-21540 | No | No | Unlikely | Less Likely | Important | 5.5 | 4.8 |
CVE-2023-21550 | No | No | - | - | Important | 5.5 | 4.8 |
CVE-2023-21559 | No | No | More Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||||
CVE-2023-21558 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows GDI Elevation of Privilege Vulnerability | |||||||
CVE-2023-21532 | No | No | - | - | Important | 7.0 | 6.1 |
CVE-2023-21552 | No | No | - | - | Important | 7.8 | 7.0 |
Windows Installer Elevation of Privilege Vulnerability | |||||||
CVE-2023-21542 | No | No | - | - | Important | 7.0 | 6.1 |
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | |||||||
CVE-2023-21677 | No | No | - | - | Important | 7.5 | 6.5 |
CVE-2023-21683 | No | No | - | - | Important | 7.5 | 6.5 |
CVE-2023-21758 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2023-21747 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21748 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21749 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21750 | No | No | - | - | Important | 7.1 | 6.2 |
CVE-2023-21754 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2023-21755 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2023-21772 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21773 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21774 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-21675 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2023-21776 | No | No | - | - | Important | 5.5 | 4.8 |
Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | |||||||
CVE-2023-21757 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | |||||||
CVE-2023-21546 | No | No | Unlikely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2023-21543 | No | No | - | - | Critical | 8.1 | 7.1 |
CVE-2023-21555 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2023-21556 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2023-21679 | No | No | - | - | Critical | 8.1 | 7.1 |
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | |||||||
CVE-2023-21557 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | |||||||
CVE-2023-21676 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.7 |
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | |||||||
CVE-2023-21524 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | |||||||
CVE-2023-21771 | No | No | - | - | Important | 7.0 | 6.1 |
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | |||||||
CVE-2023-21725 | No | No | - | - | Important | 6.3 | 5.5 |
Windows NTLM Elevation of Privilege Vulnerability | |||||||
CVE-2023-21746 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Netlogon Denial of Service Vulnerability | |||||||
CVE-2023-21728 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
Windows Overlay Filter Elevation of Privilege Vulnerability | |||||||
CVE-2023-21767 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Overlay Filter Information Disclosure Vulnerability | |||||||
CVE-2023-21766 | No | No | - | - | Important | 4.7 | 4.1 |
Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | |||||||
CVE-2023-21682 | No | No | - | - | Important | 5.3 | 4.6 |
Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
CVE-2023-21678 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2023-21760 | No | No | - | - | Important | 7.1 | 6.2 |
CVE-2023-21765 | No | No | - | - | Important | 7.8 | 6.8 |
Windows SMB Witness Service Elevation of Privilege Vulnerability | |||||||
CVE-2023-21549 | Yes | No | - | - | Important | 8.8 | 7.7 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||||
CVE-2023-21535 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
CVE-2023-21548 | No | No | - | - | Critical | 8.1 | 7.1 |
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | |||||||
CVE-2023-21759 | No | No | - | - | Important | 3.3 | 2.9 |
Windows Task Scheduler Elevation of Privilege Vulnerability | |||||||
CVE-2023-21541 | No | No | Less Likely | More Likely | Important | 7.8 | 6.8 |
Windows Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2023-21680 | No | No | - | - | Important | 7.8 | 6.8 |
Windows iSCSI Service Denial of Service Vulnerability | |||||||
CVE-2023-21527 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
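
The diary singles out the exploited and the previously disclosed CVEs for priority. The sketch below is an added example, not part of the original diary: it parses the table layout used above (a description line followed by one line per CVE) and ranks the entries for patching. The function names and the ranking order after "exploited first" (disclosed, then "More Likely", then Critical severity, then CVSS base score) are assumptions made for illustration.

```python
import re

# Constructed sample: five rows copied from the table above, in the same layout.
SAMPLE = """\
Microsoft Cryptographic Services Elevation of Privilege Vulnerability | |||||||
CVE-2023-21561 | No | No | Unlikely | Less Likely | Critical | 8.8 | 7.7 |
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | |||||||
CVE-2023-21674 | No | Yes | - | - | Important | 8.8 | 8.2 |
Windows Credential Manager User Interface Elevation of Privilege Vulnerability | |||||||
CVE-2023-21726 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Windows SMB Witness Service Elevation of Privilege Vulnerability | |||||||
CVE-2023-21549 | Yes | No | - | - | Important | 8.8 | 7.7 |
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | |||||||
CVE-2023-21759 | No | No | - | - | Important | 3.3 | 2.9 |
"""

FIELDS = ("cve", "disclosed", "exploited", "expl_old", "expl_current",
          "severity", "cvss_base", "cvss_temporal")

def parse_table(text):
    """Turn description/CVE line groups into one dict per CVE."""
    rows, title = [], None
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if re.fullmatch(r"CVE-\d{4}-\d{4,}", cells[0]):
            if len(cells) < len(FIELDS):
                continue  # truncated row: skip rather than guess the values
            row = dict(zip(FIELDS, cells))
            row["title"] = title  # description line that precedes this CVE
            row["cvss_base"] = float(row["cvss_base"])
            row["cvss_temporal"] = float(row["cvss_temporal"])
            rows.append(row)
        elif cells[0] and not set(cells[0]) <= set("-"):
            title = cells[0]  # description (or header) line; separators are skipped
    return rows

def triage_key(row):
    """Assumed order: exploited, disclosed, 'More Likely', Critical, CVSS base."""
    likely = "More Likely" in (row["expl_old"], row["expl_current"])
    return (row["exploited"] != "Yes", row["disclosed"] != "Yes", not likely,
            row["severity"] != "Critical", -row["cvss_base"], row["cve"])

def prioritize(text):
    """Return CVE ids in the order they should be patched."""
    return [r["cve"] for r in sorted(parse_table(text), key=triage_key)]

if __name__ == "__main__":
    for cve in prioritize(SAMPLE):
        print(cve)
```

Feeding the full table to `prioritize` works the same way; the header and separator lines are ignored by the parser.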
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter