WARNING: MICROSOFT PATCH TUESDAY, JANUARY 2023 PATCHES 98 VULNERABILITIES INCLUDING ONE ZERO-DAY EXPLOITED IN THE WILD (11 CRITICAL, 87 IMPORTANT)
Microsoft Patch Tuesday, January 2023 patches 98 vulnerabilities including a zero-day vulnerability exploited in the wild (11 critical, 87 important)
Number of CVEs per type
- 39 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 33 Remote Code Execution Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
- 0-day vulnerability: 1
- Exploitation detected: 1
- Exploitation more likely in latest version: 7
- Exploitation more likely in older versions: 4
This month’s Patch Tuesday includes 11 critical and 87 important vulnerabilities for a wide range of Microsoft products and technologies.
In addition, Microsoft reports one zero-day vulnerability CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege) as being exploited in the wild without providing public disclosure.
Two other privilege escalation vulnerabilities identified as being of high priority affect Microsoft Exchange Server CVE-2023-21763 and CVE-2023-21764. Implementing patch management for Microsoft Exchange servers is highly recommended. Microsoft Exchange servers are high-value targets for threat actors.
The CCB warned its constituency multiple times in the last two years for actively exploited vulnerabilities targeting Microsoft Exchange server.
- March 2021: ProxyLogon
- August 2021: ProxyShell
- November 2022: ProxyNotShell
- December 2022: OWASSRF
CISA added CVE-2022-41080, an Exchange Server privilege escalation flaw, to the Known Exploited Vulnerability catalogue following reports that the vulnerability is being chained alongside CVE-2022-41082 to achieve remote code execution on vulnerable systems. The exploit, codenamed OWASSRF by CrowdStrike, has been leveraged by the Play ransomware actors to breach target environments. The defects were fixed by Microsoft in November 2022.
Patch Tuesday, January updates also arrive as Windows 7, Windows 8.1, and Windows RT reached their end of support on January 10, 2023. Microsoft won’t be offering an Extended Security Update (ESU) program for Windows 8.1, instead urging users to upgrade to Windows 11.
Continuing to use Windows 8.1 after January 10, 2023, may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations.
CVE-2023-21674 - Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
While Microsoft notes this 0-day vulnerability is being exploited in the wild, no further technical details have been disclosed at the time of this writing.
Successful exploitation can result in an attacker gaining SYSTEM permissions.
CVE-2023-21743 - Microsoft SharePoint Server Security Feature Bypass Vulnerability
While Microsoft only granted a CVSS score of 5.3, they noted that exploitation of this vulnerability is more likely as it can be exploited remotely and allows an attacker to bypass expected user access as an unauthenticated user.
SharePoint Server 2016/2019 administrators should also consider that patching this vulnerability will require a SharePoint upgrade action which is included in this Patch Tuesday.
CVE-2023-21762 & CVE-2023-21745 - Microsoft Exchange Server Spoofing Vulnerabilities
Microsoft notes that exploitation of both vulnerabilities requires an attacker to be authenticated on a vulnerable Exchange server. An attacker could execute code with SYSTEM-level privileges by exploiting a hard-coded file path.
Exchange server admins should also note that CVE-2023-21762 affects Exchange server 2013 in addition to 2016 and 2019, while CVE-2023-21745 only affects Exchange server 2016 and 2019.
CVE-2023-21678 - Windows Print Spooler Elevation of Privilege Vulnerability
Attackers will likely seek to chain exploitation of this vulnerability with others to elevate their privileges on a compromised system as it affects both Windows Servers and Windows clients.
CVE-2023-21563 - BitLocker Security Feature Bypass Vulnerability
An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. The CCB recommends Windows administrators to deploy an endpoint device management solution with device-wiping capabilities.
The Centre for Cyber Security Belgium strongly recommends Windows system administrators to install updates for vulnerable systems with the highest priority, after thorough testing.