Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability
Categories: Exploits and vulnerabilities, News
Tags: patch Tuesday, CVE-2023-21674, ALPC, CVE-2023-21743, SharePoint, CVE-2023-21563, BitLocker
The second Tuesday of the year brings us many updates, including one for an actively exploited vulnerability that could lead to elevation of privileges.
The post Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability appeared first on Malwarebytes Labs.
The first Microsoft Patch Tuesday of 2023 is an important one to start off the year with. In total, 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild.
This is also the last time we expect to see fixes for Windows 8.1 included, since the support for Windows 8.1 ended January 10, 2023.
ALPC
Let’s start with the vulnerability that was found to be actively exploited in the wild. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The actively exploited vulnerability is listed as CVE-2023-21674.
The flaw is an Elevation of Privilege (EoP) vulnerability in the Windows Advanced Local Procedure Call (ALPC). ALPC is an inter-process communication (IPC) facility provided by the Microsoft Windows kernel. The ALPC is an ideal attack surface for EoP vulnerabilities since it helps client processes communicate with server processes. So a vulnerability in this facility could be used to give a malicious client process the permissions of a service process, which are often SYSTEM privileges.
An EoP vulnerability by itself is not always of much use to an attacker, unless they can use the gained privileges to further compromise the target system. So it is likely that it has been spotted in the wild in combination or in a chain with other vulnerabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its catalog of actively exploited vulnerabilities, urging federal agencies to apply patches by January 31, 2023.
SharePoint Server
Another vulnerability that deserves your immediate attention if you’re a Microsoft SharePoint Server user is listed as CVE-2023-21743, a SharePoint Server security feature bypass vulnerability. In a network-based attack, an unauthenticated attacker could bypass authentication and make an anonymous connection. According to Microsoft’s description, exploitation is more likely and requires no user interaction.
It is very important to note that users have to trigger a SharePoint upgrade action, which is included in this update, to protect their SharePoint farm. The upgrade action can be triggered by running the SharePoint Products Configuration Wizard, the Upgrade-SPFarm PowerShell cmdlet, or the "psconfig.exe -cmd upgrade -inplace b2b" command on each SharePoint server after installing the update.
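A read-only check for whether the upgrade action described above is still pending anywhere in the farm. This is an added example, not code from the original article or from Microsoft; it assumes an elevated SharePoint Management Shell on a farm server and that the `NeedsUpgrade` property on servers and databases reflects a pending upgrade action.

```powershell
# Added example: reports farm members that still need the upgrade action.
# It makes no changes to the farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$farm = Get-SPFarm
Write-Host "Farm build version: $($farm.BuildVersion)"

# Skip non-SharePoint machines registered in the farm (e.g. database hosts).
$servers = @(Get-SPServer | Where-Object { $_.Role -ne 'Invalid' })

# Assumption: NeedsUpgrade stays $true until the upgrade action has been run
# on that server after the update binaries were installed.
$pendingServers = @($servers | Where-Object { $_.NeedsUpgrade })
$pendingDbs     = @(Get-SPDatabase | Where-Object { $_.NeedsUpgrade })

$servers | Select-Object Address, Role, NeedsUpgrade | Format-Table -AutoSize

if ($pendingServers.Count -gt 0) {
    Write-Warning "Upgrade action not yet run on:"
    $pendingServers | ForEach-Object { Write-Warning "  $($_.Address)" }
}

if ($pendingDbs.Count -gt 0) {
    Write-Warning "Databases still reporting NeedsUpgrade:"
    $pendingDbs | ForEach-Object { Write-Warning "  $($_.Name)" }
}

if ($pendingServers.Count -gt 0 -or $pendingDbs.Count -gt 0) {
    # Remediate on each listed server with one of the options the article
    # names: the SharePoint Products Configuration Wizard, Upgrade-SPFarm,
    # or: psconfig.exe -cmd upgrade -inplace b2b
    Write-Warning "Update installed but upgrade action pending."
    exit 1
}

Write-Host "No pending upgrade action reported for servers or databases."
exit 0
```

The non-zero exit code lets a patch-compliance job flag farms where the update was installed but the upgrade action was never triggered.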
BitLocker
Another interesting one, albeit only for those that use BitLocker, is CVE-2023-21563, a BitLocker security feature bypass vulnerability. BitLocker is a Windows volume encryption technology that protects your data from unauthorized access by encrypting your drive. Many travellers and remote workers trust BitLocker to keep sensitive data safe from prying eyes in case a laptop is lost or stolen. This flaw allows a successful attacker to bypass the BitLocker Device Encryption feature on the system storage device, which means an attacker with physical access to the target system could exploit this vulnerability to gain access to encrypted data.
Other updates
Other vendors have synchronized their periodic updates with Microsoft. Here are a few major ones that you may find in your environment.
Adobe released four patches to fix vulnerabilities in Acrobat and Reader, InDesign, InCopy, and Dimension software.
Cisco released security updates for its IP Phone 7800 and 8800 phones.
Fortinet published its monthly advisory covering issues in several of their products.
Google patched 60 vulnerabilities in the first Android update of 2023.
Intel published a oneAPI Toolkit software advisory.
SAP published 12 new and updated patches.
Synology issued an advisory about a vulnerability that allows remote attackers to execute arbitrary commands through a susceptible version of VPN Plus Server.
Related news
Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.
January saw a slew of security patches for iOS, Chrome, Windows, and more.
Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2023, including vulnerabilities that were added between December and January Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239115 As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Nessus, Rapid7 and ZDI […]
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with the vulnerabilities also listed as publicly known at the time of release. Separately, the Windows maker is expected to release
Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.
Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.
Microsoft SharePoint Server Security Feature Bypass Vulnerability.
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability.
Microsoft released its monthly security update on Tuesday, disclosing 101 vulnerabilities. Of these vulnerabilities, 11 are classified as “Critical”, 89 are classified as “Important”, and no vulnerability is classified as “Moderate.”