Microsoft Kicks off 2023 with a 98 Flaw Security Patch

The first Patch Tuesday arrived this week, featuring 98 fixes for security issues across Microsoft's wide line of products and services.

While January's patch is a large one, doubling the size of December's 49 flaw total, there is only one zero-day flaw to contend with, compared to two from last month.

That being said, the zero-day flaw (CVE-2023-21674) should be the top priority when patching this month. It is an elevation of privilege issue in Windows Advanced Local Procedure Call (ALPC), and it affects all supported versions of Windows.

Microsoft has already seen this hole being exploited in the wild. However, the nature of the flaw has yet to be publicly disclosed. Despite that, IT should still make it a top priority, as exploiting it should be relatively simple, according to Mike Walters, VP of Vulnerability and Threat Research at Action1.

"It has low complexity, uses the local vector, and requires low privileges and no user interaction," said Walters. "It affects all Windows OS versions starting from Windows 8.1 and Windows Server 2012 R2."

Walters went on to say that due to the flaw being baked into every version of Windows, "this flaw affects millions of organizations" and could lead to system-wide access by attackers.

Once that's resolved, IT should turn its attention to two elevation of privilege flaws in Microsoft Exchange Server (CVE-2023-21763 and CVE-2023-21764). According to Microsoft, "an attacker who successfully exploited this vulnerability could gain SYSTEM privileges."

Despite both bulletins being rated only "important," the widespread use of Exchange servers in enterprises means IT should prioritize these items as soon as possible.

January 'Critical' Items
After the three items above have been addressed, it would be wise to focus on the 11 bulletins rated "critical" for December. They include:

  • CVE-2023-21561: Elevation of privilege vulnerability in Microsoft Cryptographic Services.
  • CVE-2023-21551: Elevation of privilege vulnerability in Microsoft Cryptographic Services.
  • CVE-2023-21730: Elevation of privilege vulnerability in Microsoft Cryptographic Services.
  • CVE-2023-21743: Security feature bypass vulnerability in Microsoft SharePoint.
  • CVE-2023-21543: Remote code execution vulnerability in Windows Layer 2 Tunneling Protocol (L2TP).
  • CVE-2023-21546: Remote code execution vulnerability in Windows Layer 2 Tunneling Protocol (L2TP).
  • CVE-2023-215455: Remote code execution vulnerability in Windows Layer 2 Tunneling Protocol (L2TP).
  • CVE-2023-2154556: Remote code execution vulnerability in Windows Layer 2 Tunneling Protocol (L2TP).
  • CVE-2023-21679: Remote code execution vulnerability in Windows Layer 2 Tunneling Protocol (L2TP).
  • CVE-2023-21535: Elevation of privilege vulnerability in Microsoft Cryptographic Services.

End of Security Support
January also marks the end of the road for security updates on a handful of Microsoft products. Windows 7, Windows Server 2008, and Windows Server 2008 R2 have reached the end of their extended support and will no longer be featured in the monthly patch release. One exception: those running Windows Server 2008 R2 in Azure will receive an additional year of support.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
