September 22, 2023

Microsoft patched 98 CVEs in its January 2023 Patch Tuesday Release, with 11 rated as critical, and 87 rated as important.

This month’s update includes patches for:

  • .NET Core
  • 3D Builder
  • Azure Service Fabric Container
  • Microsoft Bluetooth Driver
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Message Queuing
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft WDAC OLE DB provider for SQL
  • Visual Studio Code
  • Windows ALPC
  • Windows Ancillary Function Driver for WinSock
  • Windows Authentication Methods
  • Windows Backup Engine
  • Windows Bind Filter Driver
  • Windows BitLocker
  • Windows Boot Manager
  • Windows Credential Manager
  • Windows Cryptographic Services
  • Windows DWM Core Library
  • Windows Error Reporting
  • Windows Event Tracing
  • Windows IKE Extension
  • Windows Installer
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows iSCSI
  • Windows Kernel
  • Windows Layer 2 Tunneling Protocol
  • Windows LDAP – Lightweight Directory Access Protocol
  • Windows Local Security Authority (LSA)
  • Windows Local Session Manager (LSM)
  • Windows Malicious Software Removal Tool
  • Windows Management Instrumentation
  • Windows MSCryptDImportKey
  • Windows NTLM
  • Windows ODBC Driver
  • Windows Overlay Filter
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Remote Access Service L2TP Driver
  • Windows RPC API
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows Smart Card
  • Windows Task Scheduler
  • Windows Virtual Registry Provider
  • Windows Workstation Service

Windows Advanced Local Procedure Call (ALPC) EoP Vulnerability

CVE-2023-21674 is an EoP vulnerability in Windows operating systems with a CVSSv3 score of 8.8 and has been exploited in the wild as a zero day. The vulnerability exists in the Advanced Local Procedure Call (ALPC) functionality. ALPC is a message passing utility in Windows operating systems. When exploited, an attacker can leverage the vulnerability to break out of the sandbox in Chromium and gain kernel-level execution privileges.

Windows Cryptographic Services EoP Vulnerability

CVE-2023-21730 is an EoP in Windows operating systems that received a CVSSv3 score of 7.8. The vulnerability exists in Windows Cryptographic Services, a suite of cryptographic utilities in Windows operating systems. The vulnerability can be exploited by a remote, unauthenticated attacker. The exploit requires no user interaction and has a low attack complexity. The exploitation is less likely.

Advertisements

Windows Print Spooler EoP Vulnerabilities

CVE-2023-21760, CVE-2023-21765, and CVE-2023-21678 are EoP vulnerabilities in Windows Print Spooler. The three vulnerabilities were assigned a CVSSv3 score of 7.8 and are rated as Exploitation Less Likely.

CVE-2023-21678 was disclosed to Microsoft by the National Security Agency (NSA). This continues a trend observed last year, where the NSA disclosed three vulnerabilities in Print Spooler, beginning with CVE-2022-29104 and CVE-2022-29132 in May 2022 and leading to CVE-2022-38028 in O​​ctober 2022.

Windows Layer 2 Tunnelling Protocol (L2TP) RCE Vulnerabilities

CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21556 and CVE-2023-21679 are RCE vulnerabilities in Windows operating systems, all given a CVSSv3 score of 8.1. The vulnerabilities can be exploited by a remote, unauthenticated attacker targeting a machine acting as a Remote Access Server. However, the vulnerabilities have a high attack complexity, meaning the attacker will have to perform actions on the target prior to exploitation for it to be successful.

Microsoft Exchange Server EoP Vulnerabilities

CVE-2023-21763 and CVE-2023-21764 are EoP vulnerabilities in Microsoft Exchange Server that received CVSSv3 scores of 7.8 and could grant an authenticated attacker SYSTEM privilege. Microsoft has rated these as Exploitation Less Likely.

Microsoft SharePoint Server Security Feature Bypass Vulnerability

The recently discovered vulnerability, designated as CVE-2023-21743, affects the security features of the Microsoft SharePoint Server and has been rated as critical. An unauthenticated, remote attacker may exploit this vulnerability to launch and establish an anonymous connection to the concerned SharePoint server, thereby bypassing security criteria.

As a result, it is highly advised that system administrators take prompt action to mitigate this vulnerability and upgrade the affected SharePoint Server using the update provided.

Advertisements

Microsoft Exchange Server Spoofing Vulnerabilities

CVE-2023-21745 and CVE-2023-21762 are spoofing vulnerabilities in Microsoft Exchange Server that both received CVSSv3 score of 8.0. However, these flaws have distinct characteristics from one another.

CVE-2023-21745 can be exploited by an adjacent attacker  either via the local area network, or over the internet  and was rated Exploitation More Likely.

CVE-2023-21762 also requires an adjacent attacker but is restricted to a shared physical or local network, or an otherwise limited administrative domain. Successful exploitation could lead to disclosure of New Technology LAN Manager (NTLM) hashes and NTLM relay attacks.

Windows NTLM EoP Vulnerability

CVE-2023-21746 is an EoP vulnerability in Windows NTLM with  a CVSSv3 score of 7.8 and was rated “Exploitation Less Likely.” Successful exploitation would allow an attacker to gain SYSTEM privileges.

End of Windows 7 security patches

This Patch Tuesday release also marked the end of Microsoft’s support for Windows 7 as the company focused on Windows 11. Support ended in January 2020, but the company kept security updates flowing for Microsoft 365 on Windows 7 devices until this month.

Advertisements

Microsoft patch Tuesday January 2023 Summary

CVE IDCVE TitleSeverity
CVE-2023-21743Microsoft SharePoint Server Security Feature Bypass VulnerabilityCritical
CVE-2023-21551Microsoft Cryptographic Services Elevation of Privilege VulnerabilityCritical
CVE-2023-21561Microsoft Cryptographic Services Elevation of Privilege VulnerabilityCritical
CVE-2023-21730Microsoft Cryptographic Services Elevation of Privilege VulnerabilityCritical
CVE-2023-21556Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical
CVE-2023-21555Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical
CVE-2023-21543Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical
CVE-2023-21546Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical
CVE-2023-21679Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical
CVE-2023-21548Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
CVE-2023-21535Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical
CVE-2023-21538.NET Denial of Service VulnerabilityImportant
CVE-2023-217823D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217813D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217833D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217843D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217913D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217933D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217863D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217903D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217803D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217923D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217893D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217853D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217873D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-217883D Builder Remote Code Execution VulnerabilityImportant
CVE-2023-21531Azure Service Fabric Container Elevation of Privilege VulnerabilityImportant
CVE-2023-21739Windows Bluetooth Driver Elevation of Privilege VulnerabilityImportant
CVE-2023-21764Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
CVE-2023-21763Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
CVE-2023-21762Microsoft Exchange Server Spoofing VulnerabilityImportant
CVE-2023-21761Microsoft Exchange Server Information Disclosure VulnerabilityImportant
CVE-2023-21745Microsoft Exchange Server Spoofing VulnerabilityImportant
CVE-2023-21680Windows Win32k Elevation of Privilege VulnerabilityImportant
CVE-2023-21532Windows GDI Elevation of Privilege VulnerabilityImportant
CVE-2023-21552Windows GDI Elevation of Privilege VulnerabilityImportant
CVE-2023-21728Windows Netlogon Denial of Service VulnerabilityImportant
CVE-2023-21537Microsoft Message Queuing (MSMQ) Elevation of Privilege VulnerabilityImportant
CVE-2023-21734Microsoft Office Remote Code Execution VulnerabilityImportant
CVE-2023-21735Microsoft Office Remote Code Execution VulnerabilityImportant
CVE-2023-21742Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
CVE-2023-21744Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
CVE-2023-21741Microsoft Office Visio Information Disclosure VulnerabilityImportant
CVE-2023-21736Microsoft Office Visio Remote Code Execution VulnerabilityImportant
CVE-2023-21737Microsoft Office Visio Remote Code Execution VulnerabilityImportant
CVE-2023-21738Microsoft Office Visio Remote Code Execution VulnerabilityImportant
CVE-2023-21681Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
CVE-2023-21779Visual Studio Code Remote Code ExecutionImportant
CVE-2023-21674Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege VulnerabilityImportant
CVE-2023-21768Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
CVE-2023-21539Windows Authentication Remote Code Execution VulnerabilityImportant
CVE-2023-21752Windows Backup Service Elevation of Privilege VulnerabilityImportant
CVE-2023-21733Windows Bind Filter Driver Elevation of Privilege VulnerabilityImportant
CVE-2023-21563BitLocker Security Feature Bypass VulnerabilityImportant
CVE-2023-21560Windows Boot Manager Security Feature Bypass VulnerabilityImportant
CVE-2023-21726Windows Credential Manager User Interface Elevation of Privilege VulnerabilityImportant
CVE-2023-21559Windows Cryptographic Information Disclosure VulnerabilityImportant
CVE-2023-21540Windows Cryptographic Information Disclosure VulnerabilityImportant
CVE-2023-21550Windows Cryptographic Information Disclosure VulnerabilityImportant
CVE-2023-21724Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
CVE-2023-21558Windows Error Reporting Service Elevation of Privilege VulnerabilityImportant
CVE-2023-21536Event Tracing for Windows Information Disclosure VulnerabilityImportant
CVE-2023-21758Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant
CVE-2023-21683Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant
CVE-2023-21677Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant
CVE-2023-21542Windows Installer Elevation of Privilege VulnerabilityImportant
CVE-2023-21547Internet Key Exchange (IKE) Protocol Denial of Service VulnerabilityImportant
CVE-2023-21527Windows iSCSI Service Denial of Service VulnerabilityImportant
CVE-2023-21755Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2023-21753Event Tracing for Windows Information Disclosure VulnerabilityImportant
CVE-2023-21676Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant
CVE-2023-21557Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
CVE-2023-21524Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
CVE-2023-21771Windows Local Session Manager (LSM) Elevation of Privilege VulnerabilityImportant
CVE-2023-21725Windows Malicious Software Removal Tool Elevation of Privilege VulnerabilityImportant
CVE-2023-21754Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2023-21746Windows NTLM Elevation of Privilege VulnerabilityImportant
CVE-2023-21732Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
CVE-2023-21766Windows Overlay Filter Information Disclosure VulnerabilityImportant
CVE-2023-21767Windows Overlay Filter Elevation of Privilege VulnerabilityImportant
CVE-2023-21682Windows Point-to-Point Protocol (PPP) Information Disclosure VulnerabilityImportant
CVE-2023-21760Windows Print Spooler Elevation of Privilege VulnerabilityImportant
CVE-2023-21765Windows Print Spooler Elevation of Privilege VulnerabilityImportant
CVE-2023-21678Windows Print Spooler Elevation of Privilege VulnerabilityImportant
CVE-2023-21757Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service VulnerabilityImportant
CVE-2023-21525Remote Procedure Call Runtime Denial of Service VulnerabilityImportant
CVE-2023-21759Windows Smart Card Resource Management Server Security Feature Bypass VulnerabilityImportant
CVE-2023-21541Windows Task Scheduler Elevation of Privilege VulnerabilityImportant
CVE-2023-21772Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2023-21748Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2023-21773Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2023-21747Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2023-21776Windows Kernel Information Disclosure VulnerabilityImportant
CVE-2023-21774Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2023-21750Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2023-21675Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2023-21749Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2023-21549Windows SMB Witness Service Elevation of Privilege VulnerabilityImportant

Leave a Reply

%d bloggers like this: