Today part of January 2023 Microsoft Patch Tuesday the company addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity. And the highlight are zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.
- 39 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 33 Remote Code Execution Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
The January 2023 edition of Patch Tuesday brings us 98 fixes, with 11 rated as critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing.
Microsoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, Spoofing, Microsoft Edge (Chromium-based), and Microsoft Edge (Chromium-based) / Spoofing.
CVE-2023-21674 Windows Zero-Day security vulnerability CVE-2023-21674 is an elevation of privilege vulnerability that impacts the Windows Advanced Local Procedure Call (ALPC) and this could lead to a browser sandbox escape. An attacker successfully exploiting this vulnerability could gain elevated privileges. Microsoft said.
CVE-2023-21743 – Microsoft SharePoint Server Security Feature Bypass Vulnerability. affects the security features of the Microsoft SharePoint Server and has been rated as critical. An unauthenticated, remote attacker may exploit this vulnerability to launch and establish an anonymous connection to the concerned SharePoint server, thereby bypassing security criteria.
CVE-2023-21763 – CVE-2023-21764 – Microsoft Exchange Server Elevation of Privilege Vulnerability. This vulnerability arises from failing to patch a previously identified issue, designated as CVE-2022-41123, properly. Due to a hard-coded file path, a local attacker may be able to load their own DLL and execute code with SYSTEM-level privileges
CVE-2023-21730, CVE-2023-21561, CVE-2023-21551 – Microsoft Cryptographic Services Elevation of Privilege Vulnerability. These vulnerabilities can be exploited by a locally authenticated attacker who sends specially crafted data to the local CSRSS service. This allows attackers to elevate their privileges from an AppContainer environment to SYSTEM-level access.
CVE-2023-21535, CVE-2023-21548 – Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. These vulnerabilities can be exploited by an attacker who sends a specially crafted malicious SSTP packet to an SSTP server. This could result in remote code execution on the server side.
Windows and Patch Tuesday for November 2022
Today part of Microsoft January 2023 Patch Tuesday the company has released new cumulative updates for all supported devices, including windows server and client OS as well.
As part of extended support, Microsoft fixes 40 vulnerabilities in Windows 7 where eight flaws are rated critical. Windows 8.1 is also affected by the same issues 48 vulnerabilities: 9 critical and 39 important.
Five Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
Two Microsoft Cryptographic Services Elevation of Privilege Vulnerability
One Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-21548
- Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-21535 (windows 8.1)
Windows 10 22H2 and 21H2 is the victim of 63 vulnerabilities, 10 of which are critical. Once again we find the same flaws as those affecting Windows 7/ 8.1 and a Microsoft Cryptographic Services Elevation of Privilege Vulnerability — CVE-2023-21551
Windows 11 and Windows 11 22H2 are victims of the same security problems as Windows 10. We thus have 64 vulnerabilities of which 10 are critical and 54 important.
Windows 11 version 22H2 come with fixes for two major bugs, first of them affects the Local Session Manager, also known as LSM, while the second resolves a glitch impacting SQL servers.
All this little world is corrected through various cumulative updates
- KB5022338 and KB5022339 –> Windows 7 SP1 and Windows Server 2008 R2,
- KB5022352 and KB5022346 -> Windows 8.1 and Windows Server 2012 R2,
- KB5022282 -> Windows 10 22H2 and 21H2, KB5022286 for version 1809
- KB5022287 -> Windows 11
- KB5022303 -> Windows 11 22H2
You can search for windows updates and hit the check for updates button to get the latest windows updates installed on your device.
Here are the direct links for a download and a manual installation.
If you are looking to download windows 10 ISO, you can get it from here.
- Find Out Which Windows 10 Version Build and Edition you have installed
- Solved: Ntoskrnl.exe High CPU usage on Windows 10
- Windows 10 freezes after update? try these solutions to fix it
- Solved: Windows Update Error 0x80d02002 in Windows 10
- Windows 10 Search Not Working? Try these solutions to get solved