Microsoft Releases January 2023 Patch Tuesday, Warns of Zero-Day Exploit!

Microsoft Releases January 2023 Patch: Microsoft has fixed 98 vulnerabilities with its first set of 2023 Patch Tuesday updates, including one that is reportedly being actively exploited by hackers.

Eleven of the 98 problems are considered Critical, while the remaining 87 are considered Important, and one of the vulnerabilities is already public knowledge.

In a separate development, Microsoft is rumored to be preparing new versions of the Edge browser, which is based on Chromium.

CVE-2023-21674 (CVSS score: 8.8) is a privilege escalation flaw in Windows’s Advanced Local Procedure Call (ALPC) that an attacker could exploit to gain full control of a system.

Microsoft acknowledged the bug in an advisory, saying, “This vulnerability could lead to a browser sandbox escape,” with credit going to Avast researchers Jan Vojtek, Milánek, and Przemek Gmerek.

While the specifics of the vulnerability are currently under wraps, an attacker would need to have already successfully infected the host in order to successfully exploit it.

It’s also possible that the vulnerability is used in tandem with a browser bug to escape the sandbox and gain root access.

Microsoft Releases January 2023
Microsoft Releases January 2023

Kev Breen, director of cyber threat research at Immersive Labs, said, “Once the initial foothold has been made, attackers will look to move across a network or gain additional higher levels of access and these types of privilege escalation vulnerabilities are a key part of that attacker playbook.”

However, according to Satnam Narang, senior staff research engineer at Tenable, the chances of widespread use of such an exploit chain are low because of the auto-update feature used to patch browsers.

Further, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included the flaw in its catalog of Known Exploited Vulnerabilities (KEV), recommending that federal agencies install patches by January 31, 2023.

After CVE-2022-41045, CVE-2022-41093, and CVE-2022-41100 (all with CVSS scores of 7.8) were patched in November 2022, CVE-2023-21674 is the fourth such flaw found in ALPC, an IPC facility provided by the Microsoft Windows kernel.

As a result of the incomplete patch for CVE-2022-41123, two other high-priority privilege escalation vulnerabilities (CVE-2023-21763 and CVE-2023-21764, CVSS scores: 7.8) affect the Microsoft Exchange Server.

According to Qualys’ manager of vulnerability and threat research, “an attacker could execute code with SYSTEM-level privileges by exploiting a hard-coded file path.”

SharePoint Server had a security flaw that Microsoft patched (CVE-2023-21743, CVSS score: 5.3), which allowed an unauthenticated attacker to avoid authentication and connect anonymously.

As the tech giant put it, “customers must also trigger a SharePoint upgrade action included in this update to protect their SharePoint farm.”

More privilege escalation flaws have been patched in the January update, including one in Windows Credential Manager (CVE-2023-21726, CVSS score: 7.8) and three in the Print Spooler component (CVE-2023-21678, CVE-2023-21760, and CVE-2023-21765).

A vulnerability known as CVE-2023-21678 was disclosed by the United States National Security Agency (NSA). Microsoft patched 39 vulnerabilities that could have allowed for elevated privileges.

CVE-2023-21549 (CVSS score: 8.8) is the final elevation of privilege vulnerability on the list, and it is also another instance of security feature bypass affecting BitLocker (CVE-2023-21563, CVSS score: 6.8).

“A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device,” Microsoft said. “An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.”

Finally, on January 10, 2023, Microsoft updated its block list as part of Windows security updates and revised its guidance on the malicious use of signed drivers (called Bring Your Own Vulnerable Driver).

Following reports that CVE-2022-41080, an Exchange Server privilege escalation flaw, is being chained with CVE-2022-41082 to achieve remote code execution on vulnerable systems, CISA added it to the KEV catalog on Tuesday as well.

According to CrowdStrike, the Play ransomware actors have been using an exploit known as OWASSRF to break into systems.

The defects were fixed by Microsoft in November 2022. The end of extended support for Windows 7, Windows 8.1, and Windows RT occurred on January 10, 2023, and the corresponding Patch Tuesday updates are now available.

Microsoft has announced that the Windows 8.1 Extended Support Update (ESU) program will be discontinued in favor of the Windows 11 upgrade.

“Continuing to use Windows 8.1 after January 10, 2023, may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations,” the company cautioned.

Please keep visiting for updates. Keep our site bookmarked so you can quickly return to check for new content. Like How Apple MicroLED Technology is Revolutionizing the Apple Watch and Beyond?