To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild (CVE-2023-21674) and one (CVE-2023-21549) that’s been publicly disclosed. Both allow attackers to elevate privileges on the vulnerable machine. Vulnerabilities of note CVE-2023-21674 is a vulnerability in Windows Advanced Local Procedure Call (ALPC) that could lead to a browser sandbox escape and allow attackers to gain SYSTEM privileges on a wide variety of Windows and … More
The post Microsoft plugs actively exploited zero-day hole (CVE-2023-21674) appeared first on Help Net Security.
