Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day.

Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler Components, and Microsoft Exchange Server.

11 vulnerabilities are rated Critical and 87 are rated Important in severity. 25 of these flaws were submitted through the Zero Day Initiative program.

One of the flaws addressed this month, tracked as CVE-2023-21674 (CVSS score 8.8), is listed as being in the wild at the time of release. The flaw is a Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability that could lead to a browser sandbox escape. An attacker can exploit this vulnerability to gain SYSTEM privileges.

“This is the one bug listed as under active attack for this month. It allows a local attacker to escalate privileges from sandboxed execution inside Chromium to kernel-level execution and full SYSTEM privileges.” reads the advisory published by ZDI.

Microsoft is aware of active exploitation of the flaw in the wild, but did not share details about the attacks.

The vulnerability was reported by malware researchers Jan Vojtěšek, Milánek, and Przemek Gmerek from Avast.

Another issue fixed by Microsoft is the CVE-2023-21549 (CVSS Score 8.8) flaw, which is listed as publicly known at the time of release. The issue is a Windows Workstation Service Elevation of Privilege vulnerability.

“To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server.” reads the advisory published by Microsoft. “An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only.”

Here’s the full list of flaws addressed by Microsoft Patch Tuesday security updates for January 2023:

CVE	Title	Severity	CVSS	Public	Exploited
CVE-2023-21674	Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability	Important	8.8	No	Yes
CVE-2023-21549	Windows Workstation Service Elevation of Privilege Vulnerability	Important	8.8	Yes	No
CVE-2023-21561	Microsoft Cryptographic Services Elevation of Privilege Vulnerability	Critical	8.8	No	No
CVE-2023-21551	Microsoft Cryptographic Services Elevation of Privilege Vulnerability	Critical	7.8	No	No
CVE-2023-21743	Microsoft SharePoint Server Security Feature Bypass Vulnerability	Critical	8.2	No	No
CVE-2023-21730	Windows Cryptographic Services Remote Code Execution Vulnerability	Critical	7.8	No	No
CVE-2023-21543	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	Critical	8.1	No	No
CVE-2023-21546	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	Critical	8.1	No	No
CVE-2023-21555	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	Critical	8.1	No	No
CVE-2023-21556	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	Critical	8.1	No	No
CVE-2023-21679	Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability	Critical	8.1	No	No
CVE-2023-21535	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical	8.1	No	No
CVE-2023-21548	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	Critical	8.1	No	No
CVE-2023-21538	.NET Denial of Service Vulnerability	Important	7.5	No	No
CVE-2023-21780	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21781	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21782	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21784	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21786	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21791	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21793	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21783	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21785	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21787	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21788	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21789	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21790	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21792	3D Builder Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21531	Azure Service Fabric Container Elevation of Privilege Vulnerability	Important	7	No	No
CVE-2023-21563	BitLocker Security Feature Bypass Vulnerability	Important	6.8	No	No
CVE-2023-21536	Event Tracing for Windows Information Disclosure Vulnerability	Important	4.7	No	No
CVE-2023-21753	Event Tracing for Windows Information Disclosure Vulnerability	Important	5.5	No	No
CVE-2023-21547	Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability	Important	7.5	No	No
CVE-2023-21724	Microsoft DWM Core Library Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21764	Microsoft Exchange Server Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21763	Microsoft Exchange Server Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21761	Microsoft Exchange Server Information Disclosure Vulnerability	Important	7.5	No	No
CVE-2023-21762	Microsoft Exchange Server Spoofing Vulnerability	Important	8	No	No
CVE-2023-21745	Microsoft Exchange Server Spoofing Vulnerability	Important	8	No	No
CVE-2023-21537	Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21732	Microsoft ODBC Driver Remote Code Execution Vulnerability	Important	8.8	No	No
CVE-2023-21734	Microsoft Office Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21735	Microsoft Office Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21741	Microsoft Office Visio Information Disclosure Vulnerability	Important	7.1	No	No
CVE-2023-21736	Microsoft Office Visio Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21737	Microsoft Office Visio Remote Code Execution Vulnerability	Important	7.8	No	No
CVE-2023-21738	Microsoft Office Visio Remote Code Execution Vulnerability	Important	7.1	No	No
CVE-2023-21744	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important	8.8	No	No
CVE-2023-21742	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important	8.8	No	No
CVE-2023-21681	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	Important	8.8	No	No
CVE-2023-21725	Microsoft Windows Defender Elevation of Privilege Vulnerability	Important	6.3	No	No
CVE-2023-21779	Visual Studio Code Remote Code Execution Vulnerability	Important	7.3	No	No
CVE-2023-21768	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21539	Windows Authentication Remote Code Execution Vulnerability	Important	7.5	No	No
CVE-2023-21752	Windows Backup Service Elevation of Privilege Vulnerability	Important	7.1	No	No
CVE-2023-21733	Windows Bind Filter Driver Elevation of Privilege Vulnerability	Important	7	No	No
CVE-2023-21739	Windows Bluetooth Driver Elevation of Privilege Vulnerability	Important	7	No	No
CVE-2023-21560	Windows Boot Manager Security Feature Bypass Vulnerability	Important	6.6	No	No
CVE-2023-21726	Windows Credential Manager User Interface Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21540	Windows Cryptographic Information Disclosure Vulnerability	Important	5.5	No	No
CVE-2023-21550	Windows Cryptographic Information Disclosure Vulnerability	Important	5.5	No	No
CVE-2023-21559	Windows Cryptographic Services Information Disclosure Vulnerability	Important	6.2	No	No
CVE-2023-21525	Windows Encrypting File System (EFS) Denial of Service Vulnerability	Important	5.9	No	No
CVE-2023-21558	Windows Error Reporting Service Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21552	Windows GDI Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21532	Windows GDI Elevation of Privilege Vulnerability	Important	7	No	No
CVE-2023-21542	Windows Installer Elevation of Privilege Vulnerability	Important	7	No	No
CVE-2023-21683	Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability	Important	7.5	No	No
CVE-2023-21677	Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability	Important	7.5	No	No
CVE-2023-21758	Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability	Important	7.5	No	No
CVE-2023-21527	Windows iSCSI Service Denial of Service Vulnerability	Important	7.5	No	No
CVE-2023-21755	Windows Kernel Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21754	Windows Kernel Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21747	Windows Kernel Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21748	Windows Kernel Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21749	Windows Kernel Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21772	Windows Kernel Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21773	Windows Kernel Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21774	Windows Kernel Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21675	Windows Kernel Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21750	Windows Kernel Elevation of Privilege Vulnerability	Important	7.1	No	No
CVE-2023-21776	Windows Kernel Information Disclosure Vulnerability	Important	5.5	No	No
CVE-2023-21757	Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability	Important	7.5	No	No
CVE-2023-21557	Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability	Important	7.5	No	No
CVE-2023-21676	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability	Important	8.8	No	No
CVE-2023-21524	Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21771	Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability	Important	7	No	No
CVE-2023-21728	Windows Netlogon Denial of Service Vulnerability	Important	7.5	No	No
CVE-2023-21746	Windows NTLM Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21767	Windows Overlay Filter Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21766	Windows Overlay Filter Information Disclosure Vulnerability	Important	4.7	No	No
CVE-2023-21682	Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability	Important	5.3	No	No
CVE-2023-21760	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.1	No	No
CVE-2023-21765	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21678	Windows Print Spooler Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21759	Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability	Important	3.3	No	No
CVE-2023-21541	Windows Task Scheduler Elevation of Privilege Vulnerability	Important	7.8	No	No
CVE-2023-21680	Windows Win32k Elevation of Privilege Vulnerability	Important	7.8	No	No
Lookin

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Patch Tuesday)

[adrotate banner=”5″]

[adrotate banner=”13″]