Microsoft Patch Tuesday: January 2023

January 11, 2023

January’s Patch Tuesday starts the year off with what appears to be a much bigger batch of updates than December’s. A total of 98 vulnerabilities have been fixed in the latest instalment, with 11 critical, 1 publicly disclosed and 1 exploited in the wild. While 98 vulnerabilities is higher than we are used to seeing from Microsoft's monthly rollout, it has been a quiet month for public disclosures and active exploitation.

January’s instalment includes patches for some key services such as:

• Microsoft Bluetooth Driver

• Microsoft Exchange Server

• Microsoft Local Security Authority Server (lsasrv)

• Microsoft Office

• Visual Studio Code

• Windows BitLocker

• Windows Credential Manager

• Windows Kernel

• Windows LDAP - Lightweight Directory Access Protocol

• Windows Malicious Software Removal Tool

• Windows MSCryptDImportKey

• Windows NTLM

• Windows Point-to-Point Tunneling Protocol

• Windows Print Spooler Components

• Windows RPC API

• Windows Secure Socket Tunneling Protocol (SSTP)

• Windows Task Scheduler

• Windows Virtual Registry Provider

CVE-2023-21743: Microsoft SharePoint Server Security Feature Bypass Vulnerability

Listed as critical, this vulnerability could allow an unauthenticated attacker to bypass authentication and make an anonymous connection. Microsoft reports that it has low attack complexity and is easy to exploit. Further information about this vulnerability has been restricted due to its low complexity and potential impact.

CVE-2023-21535 and CVE-2023-21548: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerabilities

These critical vulnerabilities could allow an unauthenticated attacker to achieve remote code execution on a Windows machine. An attacker would need to send a specially crafted malicious SSTP packet to an SSTP server; however, a race condition must be won for successful exploitation.

CVE-2023-21674: Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

With a CVSS score of 8.8, this important vulnerability has been seen to be exploited in the wild. It would allow an attacker to escape a sandbox environment, leading to privilege escalation. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges", reports Microsoft’s advisory; however, specifics around the vulnerability haven’t been disclosed.

CVE-2023-21549: Windows SMB Witness Service Elevation of Privilege Vulnerability

This important, publicly disclosed vulnerability would allow an attacker to execute RPC functions that are restricted to privileged accounts only. It requires the attacker to send a specially crafted malicious script that executes an RPC call to an RPC host. This could result in the elevation of privilege on the server.

CVE-2023-21678, CVE-2023-21760, and CVE-2023-21765: Windows Print Spooler Elevation of Privilege Vulnerabilities

Print Spooler continues to be a problem for Microsoft, as consecutive months have gone by with new vulnerabilities being patched. The latest vulnerabilities are all important elevation of privilege vulnerabilities that would allow an attacker to gain greater control over a system.

CVE-2023-21763 and CVE-2023-21764: Microsoft Exchange Server Elevation of Privilege Vulnerability

Two privilege escalation vulnerabilities in Microsoft Exchange Server have been identified and patched. These two vulnerabilities are a result of an incomplete patch for CVE-2022-41123 in November. A successful attack would give the attacker SYSTEM privileges.

Important Notes

January 2023 marks the end of extended support for Windows 7 and Windows 8.1. Both operating systems have received their final update this month and will no longer be supported by Microsoft. This means any machines running these operating systems may increase an organisation’s exposure to security risks. We advise any organisations using machines running Windows 7 or 8.1 to update immediately to Windows 10 or 11 to continue to receive security updates for their machines.

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan

Security update guide: https://msrc.microsoft.com/update-guide/

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
