Microsoft January 2023 Patch Tuesday Fixes
In Microsoft January 2023 Patch Tuesday, Microsoft continued fixing a significant number of security vulnerabilities in its products, after a minor release in December 2022. In addition to Windows 10 and 11, only Windows 7 and Windows 8 are supported by the most current versions. In all, they close 98 security weaknesses, one of which may be rather severe. In addition to Windows, the list of impacted features, roles, and products for the January 2023 Patch Tuesday includes the.NET Core platform, Azure, Microsoft Office, Exchange, Visual Studio Code, and other programs. Multiple Windows subsystems need maintenance, including BitLocker, the OS boot manager, Cryptographic Services, the kernel, and Print Spooler Components. for December 2022 patch Tuesday, follow this link.
Since the discovery of PrintNightmare in 2021, Microsoft has been slowly repairing Print Spooler, and this month is no exception. The three elevation of privilege vulnerabilities affecting the component were fixed this month, however one of the vulnerabilities, CVE-2023-21678, was published by the U.S. National Security Agency.
This follows a similar pattern to that of the previous year, when the agency had three Print Spooler problems between May and October. A very good written article about patch Tuesday in this link.
Microsoft’s first Patch Tuesday updates of 2023 addressed 98 vulnerabilities, one of which was being exploited in the wild, according to the firm. The document describes a total of 98 vulnerabilities, 11 of which are deemed Critical and 87 of which are deemed Important. It is anticipated that Microsoft will separately release upgrades for the Chromium-based Edge browser.
An attacker might acquire SYSTEM privileges by exploiting CVE-2023-21674, a bug in Windows’s Advanced Local Procedure Call (ALPC) that is exploitable through CVE-2023-21674. Although the specifics of the vulnerability are yet unknown, an attacker must already have a foothold on the host in order to exploit it successfully. The vulnerability might possibly be used with a browser weakness to circumvent the sandbox and get root capabilities.
Kev Breen, head of cyber threat research at Immersive Labs, said, “Once a foothold has been established, attackers may attempt to traverse a network or get greater levels of access, and privilege escalation vulnerabilities are a significant part of their playbook. According to Satnam Narang, senior staff research engineer at Tenable, the auto-update process used to patch browsers lessens the likelihood that a similar attack chain will be widely distributed. The Cybersecurity and Infrastructure Security Agency of the United States (CISA) has added the weakness to its list of “Known Exploitable Vulnerabilities” (KEV), suggesting that government entities fix the problem by January 31, 2023.
In addition, CVE-2023-21674 is the fourth comparable vulnerability reported in ALPC, an IPC function supplied by the Microsoft Windows kernel, after CVE-2022-41045, CVE-2022-41093, and CVE-2022-41100, which were all addressed in November 2022.
Microsoft Exchange Server, according to Qualys, is susceptible to two more privilege escalation vulnerabilities due to an insufficient fix for CVE-2022-41123. Also resolved by Microsoft is a security feature bypass in SharePoint Server that could permit an unauthenticated attacker to circumvent authentication and make an anonymous connection. The tech giant noted “customers must also trigger a SharePoint upgrade action included in this update to protect their SharePoint farm.
Several privilege escalation vulnerabilities, including three in the Print Spooler subsystem and one in Windows Credential Manager, were also addressed in the January update. CVE-2023-21678 was reportedly leaked by the National Security Agency of the United States (NSA). 39 of the forty vulnerabilities patched in Microsoft’s most recent release permit escalated access.CVE-2023-21549 is a publicly disclosed privilege escalation flaw in the Windows SMB Witness Service that affects Bit Locker.
Microsoft asserts that an adversary may overcome the Bit Locker Device Encryption safeguards on a system’s storage device. Using this vulnerability, an attacker with physical access to the target might steal encrypted data. Microsoft will deploy a new block list on January 10, 2023, as part of Windows security upgrades, in response to malicious use of signed drivers, as advocated by Redmond in its amended Bring Your Own Vulnerable Driver guidance.
CISA added CVE-2022-41080, an Exchange Server privilege escalation problem, to the KEV catalogue on Tuesday after receiving accusations that the bug is being chained with CVE-2022-41082 to allow remote code execution on susceptible computers. Crowd Strike has dubbed this vulnerability OWASSRF. The criminals behind the Play ransom ware used it to get access to their intended computers. In November of 2022, Microsoft published fixes for the problems. On January 10, 2023, the last Patch Tuesday updates for Windows 7, Windows 8.1, and Windows RT will be released. Microsoft advised customers to update to Windows 11 in lieu of providing ESU software for Windows 8.1. Continuing to use Windows 8.1 beyond January 10, 2023, may raise an organization’s susceptibility to security threats or hinder its ability to comply with regulatory requirements, the firm said.
These two vulnerabilities were discovered by a ZDI researcher as a result of the elevation of privilege problem CVE-2022-41123, which Microsoft published and patched in the November Patch Tuesday releases but failed to do so in time. ZDI indicates that a local attacker might get SYSTEM privileges by loading their own DLL from a hardcoded location. ZDI states in a blog post that a recent analysis revealed around 70,000 unpatched Exchange servers that were accessible from the internet. If you are using Exchange on-premises, you should install all available solutions promptly and trust that Microsoft has solved these security concerns effectively this time.
Since the discovery of Print Nightmare in 2021, Microsoft has been slowly repairing Print Spooler, and this month is no exception. The three elevation of privilege vulnerabilities affecting the component were fixed this month, however one of the vulnerabilities, CVE-2023-21678, was published by the U.S. National Security Agency. This follows a similar pattern to that of the previous year, when the agency had three Print Spooler problems between May and October.