Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with the vulnerabilities also listed as publicly known at the time of release. Separately, the Windows maker is expected to release

The Hacker News
#vulnerability#web#android#windows#google#microsoft#ubuntu#linux#debian#cisco#red_hat#git#oracle#intel#rce#samba#ssrf#lenovo#amd#auth#ibm#dell#zero_day#chrome#sap#The Hacker News

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild.

11 of the 98 issues are rated Critical and 87 are rated Important in severity, with the vulnerabilities also listed as publicly known at the time of release. Separately, the Windows maker is expected to release updates for its Chromium-based Edge browser.

The vulnerability that’s under attack relates to CVE-2023-21674 (CVSS score: 8.8), a privilege escalation flaw in Windows Advanced Local Procedure Call (ALPC) that could be exploited by an attacker to gain SYSTEM permissions.

“This vulnerability could lead to a browser sandbox escape,” Microsoft noted in an advisory, crediting Avast researchers Jan Vojtěšek, Milánek, and Przemek Gmerek for reporting the bug.

While details of the vulnerability are still under wraps, a successful exploit requires an attacker to have already obtained an initial infection on the host. It is also likely that the flaw is combined with a bug present in the web browser to break out of the sandbox and gain elevated privileges.

“Once the initial foothold has been made, attackers will look to move across a network or gain additional higher levels of access and these types of privilege escalation vulnerabilities are a key part of that attacker playbook,” Kev Breen, director of cyber threat research at Immersive Labs, said.

That having said, the chances that an exploit chain like this is employed in a widespread fashion is limited owing to the auto-update feature used to patch browsers, Satnam Narang, senior staff research engineer at Tenable, said.

It’s also worth noting that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to apply patches by January 31, 2023.

What’s more, CVE-2023-21674 is the fourth such flaw identified in ALPC – an inter-process communication (IPC) facility provided by the Microsoft Windows kernel – after CVE-2022-41045, CVE-2022-41093, and CVE-2022-41100 (CVSS scores: 7.8), the latter three of which were plugged in November 2022.

Two other privilege escalation vulnerabilities identified as being of high priority affect Microsoft Exchange Server (CVE-2023-21763 and CVE-2023-21764, CVSS scores: 7.8), which stem from an incomplete patch for CVE-2022-41123, according to Qualys.

“An attacker could execute code with SYSTEM-level privileges by exploiting a hard-coded file path,” Saeed Abbasi, manager of vulnerability and threat research at Qualys, said in a statement.

Also resolved by Microsoft is a security feature bypass in SharePoint Server (CVE-2023-21743, CVSS score: 5.3) that could permit an unauthenticated attacker to circumvent authentication and make an anonymous connection. The tech giant noted, “customers must also trigger a SharePoint upgrade action included in this update to protect their SharePoint farm.”

The January update further remediates a number of privilege escalation flaws, including one in Windows Credential Manager (CVE-2023-21726, CVSS score: 7.8) and three affecting the Print Spooler component (CVE-2023-21678, CVE-2023-21760, and CVE-2023-21765).

The U.S. National Security Agency (NSA) has been credited with reporting CVE-2023-21678. In all, 39 of the vulnerabilities that Microsoft closed out in its latest update enable the elevation of privileges.

Rounding up the list is CVE-2023-21549 (CVSS score: 8.8), a publicly known elevation of privilege vulnerability in the Windows SMB Witness Service, and another instance of security feature bypass impacting BitLocker (CVE-2023-21563, CVSS score: 6.8).

“A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device,” Microsoft said. “An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.”

Furthermore, Redmond has updated its guidance regarding the malicious use of signed drivers (called Bring Your Own Vulnerable Driver) to include an updated block list released as part of Windows security updates on January 10, 2023.

CISA on Tuesday also added CVE-2022-41080, an Exchange Server privilege escalation flaw, to the KEV catalog following reports that the vulnerability is being chained alongside CVE-2022-41082 to achieve remote code execution on vulnerable systems.

The exploit, codenamed OWASSRF by CrowdStrike, has been leveraged by the Play ransomware actors to breach target environments. The defects were fixed by Microsoft in November 2022.

The Patch Tuesday updates also arrive as Windows 7, Windows 8.1, and Windows RT reached end of support on January 10, 2023. Microsoft said it won’t be offering an Extended Security Update (ESU) program for Windows 8.1, instead urging users to upgrade to Windows 11.

“Continuing to use Windows 8.1 after January 10, 2023 may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations,” the company cautions.

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including —

  • Adobe
  • AMD
  • Android
  • Cisco
  • Citrix
  • Dell
  • F5
  • Fortinet
  • GitLab
  • Google Chrome
  • HP
  • IBM
  • Intel
  • Juniper Networks
  • Lenovo
  • Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
  • MediaTek
  • Qualcomm
  • SAP
  • Schneider Electric
  • Siemens
  • Synology
  • Zoom, and
  • Zyxel

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide

The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations in North

Microsoft Advisories Are Getting Worse

A predictable patch cadence is nice, but the software giant can do more.

Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware

Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.

New Wave of Cyberattacks Targeting MS Exchange Servers

By Waqas Cybercriminals are leveraging two exploit chains (ProxyNotShell/OWASSRF) to target Microsoft Exchange servers, as warned by Bitdefender Labs. This is a post from HackRead.com Read the original post: New Wave of Cyberattacks Targeting MS Exchange Servers

Microsoft Patch Tuesday January 2023: ALPC EoP, Win Backup EoP, LocalPotato, Exchange, Remote RCEs

Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2023, including vulnerabilities that were added between December and January Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239115 As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Nessus, Rapid7 and ZDI […]

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: CVE-2023-21674 Tags: APLC Tags: CVE-2023-21743 Tags: Sharepoint Tags: CVE-2023-21563 Tags: BitLocker The second Tuesday of the year brings us many updates, including one for an actively exploited vulnerability that could lead to elevation of privileges (Read more...) The post Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability appeared first on Malwarebytes Labs.

98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes

Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.

98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes

Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.

98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes

Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.

98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes

Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.

98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes

Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.

98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes

Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.

Microsoft Patch Tuesday, January 2023 Edition

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.

CVE-2023-21726

Windows Credential Manager User Interface Elevation of Privilege Vulnerability.

CVE-2023-21674

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability.

CVE-2023-21743

Microsoft SharePoint Server Security Feature Bypass Vulnerability.

CVE-2023-21765

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21760.

CVE-2023-21764

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21763.

CVE-2023-21763

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21764.

CVE-2023-21760

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21765.

Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 101 vulnerabilities. Of these vulnerabilities, 11 are classified as “Critical”, 89 are classified as “Important”, no vulnerability classified as “Moderate.”

Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 101 vulnerabilities. Of these vulnerabilities, 11 are classified as “Critical”, 89 are classified as “Important”, no vulnerability classified as “Moderate.”

Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone

Organizations often defer patching because of business disruption fears — but that didn't work out very well for Rackspace's Hosted Exchange service.

Rackspace Sunsets Email Service Downed in Ransomware Attack

The hosting services provider shared new details on the breach that took down its Hosted Exchange Email service.

Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations

The hosting provider had not applied Microsoft's new patch due to publicly reported issues with the update.

Ransomware Attackers Bypass Microsoft's ProxyNotShell Mitigations With Fresh Exploit

The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers.

Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations

Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford,

Rackspace confirms it suffered a ransomware attack

Categories: News Categories: Ransomware Tags: Rackspace Tags: Exchange Tags: ransomware Tags: ProxyNotShell Rackspace said a ransomware incident affected its Hosted Exchange environment and caused service disruptions. (Read more...) The post Rackspace confirms it suffered a ransomware attack appeared first on Malwarebytes Labs.

CVE-2022-41123

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080.

CVE-2022-41093

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41100.

CVE-2022-41045

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41093, CVE-2022-41100.

CVE-2022-41123

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2022-41100

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41045, CVE-2022-41093.

CVE-2022-41080

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.

Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Patch Tuesday, November 2022 Election Edition

Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

Microsoft Patch Tuesday October 2022: Exchange ProxyNotShell RCE, Windows COM+ EoP, AD EoP, Azure Arc Kubernetes EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for October 2022, including vulnerabilities that were added between September and October Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. All vulnerabilities: 105Urgent: 2Critical: 1High: 29Medium: 71Low: 2 Let’s take a look at the most interesting vulnerabilities: Two […]

ProxyNotShell – the New Proxy Hell?

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to

Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

By Deeba Ahmed The latest attack against Exchange servers utilizes at least two new flaws (CVE-2022-41040, CVE-2022-41082) that have been assigned CVSS scores of 6.3 and 8.8. This is a post from HackRead.com Read the original post: Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.

Two new Exchange Server zero-days in the wild

Categories: Exploits and vulnerabilities Categories: News Tags: Exchange Tags: ProxyShell Tags: remote PowerShell Tags: web shell Tags: CVE-2022-41040 Tags: CVE-2022-41082 Tags: SSRF Tags: RCE Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers (Read more...) The post Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.

Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild

Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is