Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day.

Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler Components, and Microsoft Exchange Server.

11 vulnerabilities are rated Critical and 87 are rated Important in severity. 25 of these flaws were submitted through the Zero Day Initiative program.

Microsoft Patch Tuesday Exchange server

One of the flaws addressed this month, tracked as CVE-2023-21674 (CVSS score 8.8), is listed as being in the wild at the time of release. The flaw is a Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability that could lead to a browser sandbox escape. An attacker can exploit this vulnerability to gain SYSTEM privileges.

“This is the one bug listed as under active attack for this month. It allows a local attacker to escalate privileges from sandboxed execution inside Chromium to kernel-level execution and full SYSTEM privileges.” reads the advisory published by ZDI.

Microsoft is aware of active exploitation of the flaw in the wild, but did not share details about the attacks.

The vulnerability was reported by malware researchers Jan Vojt?šek, Milánek, and Przemek Gmerek from Avast.

Another issue fixed by Microsoft is the CVE-2023-21549 (CVSS Score 8.8) flaw, which is listed as publicly known at the time of release. The issue is a Windows Workstation Service Elevation of Privilege vulnerability.

“To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server.” reads the advisory published by Microsoft. “An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only.”

Here’s the full list of flaws addressed by Microsoft Patch Tuesday security updates for January 2023:

CVE Title Severity CVSS Public Exploited
CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important 8.8 No Yes
CVE-2023-21549 Windows Workstation Service Elevation of Privilege Vulnerability Important 8.8 Yes No
CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 8.8 No No
CVE-2023-21551 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 7.8 No No
CVE-2023-21743 Microsoft SharePoint Server Security Feature Bypass Vulnerability Critical 8.2 No No
CVE-2023-21730 Windows Cryptographic Services Remote Code Execution Vulnerability Critical 7.8 No No
CVE-2023-21543 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No
CVE-2023-21546 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No
CVE-2023-21555 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No
CVE-2023-21556 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No
CVE-2023-21679 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No
CVE-2023-21535 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No
CVE-2023-21548 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No
CVE-2023-21538 .NET Denial of Service Vulnerability Important 7.5 No No
CVE-2023-21780 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21781 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21782 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21784 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21786 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21791 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21793 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21783 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21785 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21787 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21788 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21789 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21790 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21792 3D Builder Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21531 Azure Service Fabric Container Elevation of Privilege Vulnerability Important 7 No No
CVE-2023-21563 BitLocker Security Feature Bypass Vulnerability Important 6.8 No No
CVE-2023-21536 Event Tracing for Windows Information Disclosure Vulnerability Important 4.7 No No
CVE-2023-21753 Event Tracing for Windows Information Disclosure Vulnerability Important 5.5 No No
CVE-2023-21547 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important 7.5 No No
CVE-2023-21724 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21764 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21763 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21761 Microsoft Exchange Server Information Disclosure Vulnerability Important 7.5 No No
CVE-2023-21762 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No
CVE-2023-21745 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No
CVE-2023-21537 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21732 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 No No
CVE-2023-21734 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21735 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21741 Microsoft Office Visio Information Disclosure Vulnerability Important 7.1 No No
CVE-2023-21736 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21737 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No
CVE-2023-21738 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.1 No No
CVE-2023-21744 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No
CVE-2023-21742 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No
CVE-2023-21681 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No
CVE-2023-21725 Microsoft Windows Defender Elevation of Privilege Vulnerability Important 6.3 No No
CVE-2023-21779 Visual Studio Code Remote Code Execution Vulnerability Important 7.3 No No
CVE-2023-21768 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21539 Windows Authentication Remote Code Execution Vulnerability Important 7.5 No No
CVE-2023-21752 Windows Backup Service Elevation of Privilege Vulnerability Important 7.1 No No
CVE-2023-21733 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 7 No No
CVE-2023-21739 Windows Bluetooth Driver Elevation of Privilege Vulnerability Important 7 No No
CVE-2023-21560 Windows Boot Manager Security Feature Bypass Vulnerability Important 6.6 No No
CVE-2023-21726 Windows Credential Manager User Interface Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21540 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No
CVE-2023-21550 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No
CVE-2023-21559 Windows Cryptographic Services Information Disclosure Vulnerability Important 6.2 No No
CVE-2023-21525 Windows Encrypting File System (EFS) Denial of Service Vulnerability Important 5.9 No No
CVE-2023-21558 Windows Error Reporting Service Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21552 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21532 Windows GDI Elevation of Privilege Vulnerability Important 7 No No
CVE-2023-21542 Windows Installer Elevation of Privilege Vulnerability Important 7 No No
CVE-2023-21683 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No
CVE-2023-21677 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No
CVE-2023-21758 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No
CVE-2023-21527 Windows iSCSI Service Denial of Service Vulnerability Important 7.5 No No
CVE-2023-21755 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21754 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21747 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21748 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21749 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21772 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21773 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21774 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21675 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21750 Windows Kernel Elevation of Privilege Vulnerability Important 7.1 No No
CVE-2023-21776 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No
CVE-2023-21757 Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability Important 7.5 No No
CVE-2023-21557 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 7.5 No No
CVE-2023-21676 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Important 8.8 No No
CVE-2023-21524 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21771 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Important 7 No No
CVE-2023-21728 Windows Netlogon Denial of Service Vulnerability Important 7.5 No No
CVE-2023-21746 Windows NTLM Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21767 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21766 Windows Overlay Filter Information Disclosure Vulnerability Important 4.7 No No
CVE-2023-21682 Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability Important 5.3 No No
CVE-2023-21760 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No
CVE-2023-21765 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21678 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21759 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Important 3.3 No No
CVE-2023-21541 Windows Task Scheduler Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21680 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No
Lookin

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

try { window._mNHandle.queue.push(function (){ window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”); }); } catch (error) {}
try { window._mNHandle.queue.push(function (){ window._mNDetails.loadTag(“816788371”, “300×250”, “816788371”); }); } catch (error) {}

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Patch Tuesday)

The post Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day appeared first on Security Affairs.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter