Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild.
Eleven of the 98 issues are rated Critical and 87 are rated Important in severity, and one of the vulnerabilities was also listed as publicly known at the time of release. Separately, the Windows maker is expected to release updates for its Chromium-based Edge browser.
The vulnerability that’s under attack relates to CVE-2023-21674 (CVSS score: 8.8), a privilege escalation flaw in Windows Advanced Local Procedure Call (ALPC) that could be exploited by an attacker to gain SYSTEM permissions.
“This vulnerability could lead to a browser sandbox escape,” Microsoft noted in an advisory, crediting Avast researchers Jan Vojtěšek, Milánek, and Przemek Gmerek for reporting the bug.
While details of the vulnerability are still under wraps, a successful exploit requires an attacker to have already gained an initial foothold on the host. The flaw is also likely combined with a bug in the web browser to break out of the sandbox and gain elevated privileges.
“Once the initial foothold has been made, attackers will look to move across a network or gain additional higher levels of access and these types of privilege escalation vulnerabilities are a key part of that attacker playbook,” Kev Breen, director of cyber threat research at Immersive Labs, said.
That said, the chances that an exploit chain like this is employed in a widespread fashion are limited, owing to the auto-update feature used to patch browsers, Satnam Narang, senior staff research engineer at Tenable, said.
It’s also worth noting that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to apply patches by January 31, 2023.
What’s more, CVE-2023-21674 is the fourth such flaw identified in ALPC – an inter-process communication (IPC) facility provided by the Microsoft Windows kernel – after CVE-2022-41045, CVE-2022-41093, and CVE-2022-41100 (CVSS scores: 7.8), the latter three of which were plugged in November 2022.
Two other privilege escalation vulnerabilities identified as being of high priority affect Microsoft Exchange Server (CVE-2023-21763 and CVE-2023-21764, CVSS scores: 7.8), which stem from an incomplete patch for CVE-2022-41123, according to Qualys.
“An attacker could execute code with SYSTEM-level privileges by exploiting a hard-coded file path,” Saeed Abbasi, manager of vulnerability and threat research at Qualys, said in a statement.
Also resolved by Microsoft is a security feature bypass in SharePoint Server (CVE-2023-21743, CVSS score: 5.3) that could permit an unauthenticated attacker to circumvent authentication and make an anonymous connection. The tech giant noted, “customers must also trigger a SharePoint upgrade action included in this update to protect their SharePoint farm.”
The January update further remediates a number of privilege escalation flaws, including one in Windows Credential Manager (CVE-2023-21726, CVSS score: 7.8) and three affecting the Print Spooler component (CVE-2023-21678, CVE-2023-21760, and CVE-2023-21765).
The U.S. National Security Agency (NSA) has been credited with reporting CVE-2023-21678. In all, 39 of the vulnerabilities that Microsoft closed out in its latest update enable the elevation of privileges.
Rounding out the list is CVE-2023-21549 (CVSS score: 8.8), a publicly known elevation of privilege vulnerability in the Windows SMB Witness Service, and another security feature bypass, this one impacting BitLocker (CVE-2023-21563, CVSS score: 6.8).
“A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device,” Microsoft said. “An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.”
Furthermore, Redmond has updated its guidance regarding the malicious use of signed drivers (a technique known as Bring Your Own Vulnerable Driver, or BYOVD) to include an updated driver block list released as part of the Windows security updates on January 10, 2023.
CISA on Tuesday also added CVE-2022-41080, an Exchange Server privilege escalation flaw, to the KEV catalog following reports that the vulnerability is being chained alongside CVE-2022-41082 to achieve remote code execution on vulnerable systems.
The exploit, codenamed OWASSRF by CrowdStrike, has been leveraged by the Play ransomware actors to breach target environments. The defects were fixed by Microsoft in November 2022.
The Patch Tuesday updates also arrive as Windows 7, Windows 8.1, and Windows RT reached end of support on January 10, 2023. Microsoft said it won’t be offering an Extended Security Update (ESU) program for Windows 8.1, instead urging users to upgrade to Windows 11.
“Continuing to use Windows 8.1 after January 10, 2023 may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations,” the company cautions.
Software Patches from Other Vendors
In addition to Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including —
- Adobe
- AMD
- Android
- Cisco
- Citrix
- Dell
- F5
- Fortinet
- GitLab
- Google Chrome
- HP
- IBM
- Intel
- Juniper Networks
- Lenovo
- Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
- MediaTek
- Qualcomm
- SAP
- Schneider Electric
- Siemens
- Synology
- Zoom, and
- Zyxel