Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day
Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day.
Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler Components, and Microsoft Exchange Server.
11 vulnerabilities are rated Critical and 87 are rated Important in severity. 25 of these flaws were submitted through the Zero Day Initiative program.
One of the flaws addressed this month, tracked as CVE-2023-21674 (CVSS score 8.8), is listed as being in the wild at the time of release. The flaw is a Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability that could lead to a browser sandbox escape. An attacker can exploit this vulnerability to gain SYSTEM privileges.
“This is the one bug listed as under active attack for this month. It allows a local attacker to escalate privileges from sandboxed execution inside Chromium to kernel-level execution and full SYSTEM privileges.” reads the advisory published by ZDI.
Microsoft is aware of active exploitation of the flaw in the wild, but did not share details about the attacks.
The vulnerability was reported by malware researchers Jan Vojtěšek, Milánek, and Przemek Gmerek from Avast.
Another issue fixed by Microsoft is the CVE-2023-21549 (CVSS Score 8.8) flaw, which is listed as publicly known at the time of release. The issue is a Windows Workstation Service Elevation of Privilege vulnerability.
“To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server.” reads the advisory published by Microsoft. “An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only.”
Here’s the full list of flaws addressed by Microsoft Patch Tuesday security updates for January 2023:
| CVE | Title | Severity | CVSS | Public | Exploited |
| CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important | 8.8 | No | Yes |
| CVE-2023-21549 | Windows Workstation Service Elevation of Privilege Vulnerability | Important | 8.8 | Yes | No |
| CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No |
| CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical | 7.8 | No | No |
| CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical | 8.2 | No | No |
| CVE-2023-21730 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical | 7.8 | No | No |
| CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No |
| CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No |
| CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No |
| CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No |
| CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No |
| CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No |
| CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No |
| CVE-2023-21538 | .NET Denial of Service Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important | 7 | No | No |
| CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | Important | 6.8 | No | No |
| CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 4.7 | No | No |
| CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 5.5 | No | No |
| CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No |
| CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No |
| CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No |
| CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | Important | 7.1 | No | No |
| CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.1 | No | No |
| CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No |
| CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No |
| CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No |
| CVE-2023-21725 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important | 6.3 | No | No |
| CVE-2023-21779 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.3 | No | No |
| CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | Important | 7.1 | No | No |
| CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important | 7 | No | No |
| CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 7 | No | No |
| CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | Important | 6.6 | No | No |
| CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No |
| CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No |
| CVE-2023-21559 | Windows Cryptographic Services Information Disclosure Vulnerability | Important | 6.2 | No | No |
| CVE-2023-21525 | Windows Encrypting File System (EFS) Denial of Service Vulnerability | Important | 5.9 | No | No |
| CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | Important | 7 | No | No |
| CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | No |
| CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.1 | No | No |
| CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No |
| CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 8.8 | No | No |
| CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Important | 7 | No | No |
| CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | Important | 7.5 | No | No |
| CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | Important | 4.7 | No | No |
| CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | Important | 5.3 | No | No |
| CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.1 | No | No |
| CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important | 3.3 | No | No |
| CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No |
| Lookin |
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
|
|
(SecurityAffairs – hacking, Microsoft Patch Tuesday)
The post Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day appeared first on Security Affairs.