It's Microsoft's first 2023 Patch Day, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws.
It's Microsoft's first 2023 Patch Day, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws.
Microsoft gave the vulnerabilities this severity rating as they allow remote code execution, bypass security features, or elevate privileges.
The number of bugs in each vulnerability category is listed below:
- 39 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 33 Remote Code Execution Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
One zero-day fixed
This month's Patch Tuesday fixes one zero-day vulnerability, one actively exploited and the other publicly disclosed.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The actively exploited zero-day vulnerability fixed in today's updates is:
CVE-2023-21674 - Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability discovered by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast.
Microsoft states that this is a Sandbox escape vulnerability that can lead to the elevation of privileges.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," explains Microsoft's advisory.
Avast shared the following information about the zero-day with BleepingComputer:
"We have discovered the zero-day by using our anti-exploit engine, which monitors for suspicious application behavior and detects indicators of ongoing exploitation activity. We observed an active exploitation of the vulnerability, and also can say that the vulnerability is likely part of a longer infection chain through browser, because for the CVE-2023-21674 exploit to work, the attackers already had to somehow obtain the ability to run arbitrary native code inside a sandboxed renderer process. This is something that is normally not possible against a fully patched browser unless the attackers possess a separate renderer 0-day exploit. However, we do not have the full chain." - Avast.
Microsoft also stated that 'CVE-2023-21549 - Windows SMB Witness Service Elevation of Privilege Vulnerability' was publicly disclosed.
However, we were told by Akamai security researcher Stiv Kupchik that they followed the regular disclosure process and the vulnerability should not be classified as publicly disclosed.
Recent updates from other companies
Other vendors who released updates in January 2023 include:
- Adobe released security updates for numerous products.
- Cisco released security updates for Cisco Identity Services.
- Fortinet released security updates for various products.
- Intel released a security update for oneAPI Toolkits.
- SAP has released its January 2023 Patch Day updates.
- Synology released a security update for its Synology VPN Plus Server.
The January 2023 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities and released advisories in the January 2023 Patch Tuesday updates.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core | CVE-2023-21538 | .NET Denial of Service Vulnerability | Important |
| 3D Builder | CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | Important |
| Azure Service Fabric Container | CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | Important |
| Microsoft Message Queuing | CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2023-21779 | Visual Studio Code Remote Code Execution | Important |
| Windows ALPC | CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Authentication Methods | CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | Important |
| Windows Backup Engine | CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Windows Bind Filter Driver | CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows BitLocker | CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | Important |
| Windows Boot Manager | CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Credential Manager | CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21559 | Windows Cryptographic Information Disclosure Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | Important |
| Windows DWM Core Library | CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | Important |
| Windows IKE Extension | CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows IKE Extension | CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows Installer | CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important |
| Windows iSCSI | CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | Important |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important |
| Windows Local Session Manager (LSM) | CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Important |
| Windows Malicious Software Removal Tool | CVE-2023-21725 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | Important |
| Windows Management Instrumentation | CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows NTLM | CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | Important |
| Windows ODBC Driver | CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows Overlay Filter | CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | Important |
| Windows Overlay Filter | CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | Important |
| Windows Print Spooler Components | CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Service L2TP Driver | CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | Important |
| Windows RPC API | CVE-2023-21525 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Smart Card | CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important |
| Windows Task Scheduler | CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Virtual Registry Provider | CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Workstation Service | CVE-2023-21549 | Windows SMB Witness Service Elevation of Privilege Vulnerability | Important |
