Microsoft has released the January 2023 Patch Tuesday security updates, addressing 98 vulnerabilities. Of these, 11 are classified as critical, as they allow the most severe types of impact such as privilege elevation, security feature bypass, or remote code execution, and 87 are classified as important. The products covered in the January security update include Microsoft Office SharePoint, Windows Advanced Local Procedure Call (ALPC), Microsoft Cryptographic Services, Windows Layer 2 Tunneling Protocol (L2TP), Windows Secure Socket Tunneling Protocol, etc.
This month’s Patch Tuesday fixes one zero-day vulnerability that is known to be actively exploited (CVE-2023-21674).
CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
This vulnerability is classified as critical and has a CVSSv3.1 score of 8.8 out of 10. It is a sandbox escape that can lead to elevation of privilege: successful exploitation can allow an attacker to gain SYSTEM privileges.
CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability
This vulnerability has a CVSSv3.1 score of 5.3 out of 10. An unauthenticated, remote attacker can exploit the flaw to bypass the protection in SharePoint. Successful exploitation can allow the attacker to establish an anonymous connection to the targeted SharePoint server.
CVE-2023-21551, CVE-2023-21561, CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability
These vulnerabilities have CVSSv3.1 scores ranging from 7.8 to 8.8 out of 10. Exploitation requires a locally authenticated attacker to send specially crafted data to the local CSRSS service. Successful exploitation can allow attackers to elevate their privileges from an AppContainer environment to SYSTEM access.
CVE-2023-21556, CVE-2023-21555, CVE-2023-21543, CVE-2023-21546, CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
These vulnerabilities have a CVSSv3.1 score of 8.1 out of 10. A remote attacker can exploit them by sending a specially crafted connection request to a Remote Access Server. Successful exploitation can lead to remote code execution on the Remote Access Server machine.
CVE-2023-21548, CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
These vulnerabilities have a CVSSv3.1 score of 8.1 out of 10. An attacker can exploit them by sending a specially crafted malicious SSTP packet to an SSTP server, resulting in remote code execution on the server side.
Microsoft security bulletin summary for January 2023
- .NET Core
- 3D Builder
- Azure Service Fabric Container
- Microsoft Bluetooth Driver
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Local Security Authority Server (lsasrv)
- Microsoft Message Queuing
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft WDAC OLE DB provider for SQL
- Visual Studio Code
- Windows ALPC
- Windows Ancillary Function Driver for WinSock
- Windows Authentication Methods
- Windows Backup Engine
- Windows Bind Filter Driver
- Windows BitLocker
- Windows Boot Manager
- Windows Credential Manager
- Windows Cryptographic Services
- Windows DWM Core Library
- Windows Error Reporting
- Windows Event Tracing
- Windows IKE Extension
- Windows Installer
- Windows Internet Key Exchange (IKE) Protocol
- Windows iSCSI
- Windows Kernel
- Windows Layer 2 Tunneling Protocol
- Windows LDAP – Lightweight Directory Access Protocol
- Windows Local Security Authority (LSA)
- Windows Local Session Manager (LSM)
- Windows Malicious Software Removal Tool
- Windows Management Instrumentation
- Windows MSCryptDImportKey
- Windows NTLM
- Windows ODBC Driver
- Windows Overlay Filter
Product: Microsoft Windows
CVEs/Advisory: CVE-2023-21524, CVE-2023-21525, CVE-2023-21527, CVE-2023-21532, CVE-2023-21535, CVE-2023-21536, CVE-2023-21537, CVE-2023-21539, CVE-2023-21540, CVE-2023-21541, CVE-2023-21542, CVE-2023-21543, CVE-2023-21546, CVE-2023-21547, CVE-2023-21548, CVE-2023-21549, CVE-2023-21550, CVE-2023-21551, CVE-2023-21552, CVE-2023-21555, CVE-2023-21556, CVE-2023-21557, CVE-2023-21558, CVE-2023-21559, CVE-2023-21560, CVE-2023-21561, CVE-2023-21563, CVE-2023-21674, CVE-2023-21675, CVE-2023-21676, CVE-2023-21677, CVE-2023-21678, CVE-2023-21679, CVE-2023-21680, CVE-2023-21681, CVE-2023-21682, CVE-2023-21683, CVE-2023-21724, CVE-2023-21726, CVE-2023-21728, CVE-2023-21730, CVE-2023-21732, CVE-2023-21733, CVE-2023-21739, CVE-2023-21746, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21752, CVE-2023-21753, CVE-2023-21754, CVE-2023-21755, CVE-2023-21757, CVE-2023-21758, CVE-2023-21759, CVE-2023-21760, CVE-2023-21765, CVE-2023-21766, CVE-2023-21767, CVE-2023-21768, CVE-2023-21771, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774, CVE-2023-21776
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, and Security Feature Bypass.
KBs: 5022282, 5022286, 5022287, 5022289, 5022291, 5022297, 5022303, 5022343, 5022346, 5022348, 5022352
Product: Microsoft Office
CVEs/Advisory: CVE-2023-21734, CVE-2023-21735, CVE-2023-21736, CVE-2023-21737, CVE-2023-21738, CVE-2023-21741, CVE-2023-21742, CVE-2023-21743, CVE-2023-21744
Impact: Information Disclosure, Remote Code Execution, Security Feature Bypass
KBs: 5002329, 5002331, 5002332, 5002335, 5002336, 5002337, 5002338
Product: Microsoft SharePoint
Impact: Security Feature Bypass
SanerNow VM and SanerNow PM detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow and keep your systems updated and secure.