The first Patch Tuesday fixes shipped by Microsoft for 2023 address a total of 98 security flaws: 11 of them are rated critical and 87 important. One of the flaws is actively exploited in the wild, and another has been listed as publicly known.
CVE-2023-21674 is the identifier of the vulnerability under active exploitation. The issue, which is rated critical, is located in the Windows Advanced Local Procedure Call (ALPC). The vulnerability has been outlined as a “Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability,” and it could allow an attacker to gain SYSTEM privileges.
The flaw affects systems running Windows 8, Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022.
What Are Cybersecurity Experts Saying about CVE-2023-21674?
Satnam Narang, senior staff research engineer at Tenable, has pointed out that vulnerabilities such as CVE-2023-21674 are typically used by advanced persistent threat groups in their attempts to conduct targeted attacks. “The likelihood of future widespread exploitation of an exploit chain like this is limited due to auto-update functionality used to patch browsers,” Narang explained.
It is also noteworthy that CVE-2023-21674 is the fourth security flaw in Windows Advanced Local Procedure Call fixed in recent months. Three ALPC flaws, CVE-2022-41045, CVE-2022-41093, and CVE-2022-41100, were addressed in November 2022.
There’s one vulnerability that needs instant attention: CVE-2023-21743, a security feature bypass vulnerability in Microsoft SharePoint Server.
What Are Cybersecurity Experts Saying about CVE-2023-21743?
Trend Micro’s Dustin Childs warned that this security feature bypass (SFB) is quite rare. A remote, unauthenticated attacker could use it to connect to the affected SharePoint server anonymously. To ensure complete protection from this vulnerability, sysadmins must apply the SharePoint upgrade.
Preetham Gurram, a Senior Product Manager at Automox, noted that an attacker can bypass the SharePoint protection that blocks HTTP requests based on IP range. If the exploit is successful, they will be able to determine whether any HTTP endpoints lie within the blocked IP range, but they must have read access to the target SharePoint site to do so.
Another vulnerability worth noting as part of the January 2023 Patch Tuesday is CVE-2023-21549. The flaw, which was publicly listed, is located in Windows SMB Witness. The attack complexity of CVE-2023-21549 is considered low, as it doesn’t require user interaction. According to Microsoft, successful exploitation requires an attacker to execute a specially crafted malicious script that makes an RPC call to an RPC host. “This could result in elevation of privilege on the server. An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only,” the company added.
What Else Has Been Fixed in January 2023 Patch Tuesday?
Other patches fixed this month address vulnerabilities in the Windows Print Spooler (noted by the NSA), the Windows kernel, and other solutions. Two particularly noteworthy issues, labeled CVE-2023-21560 and CVE-2023-21563, allow attackers to bypass the BitLocker Device Encryption feature and access encrypted data on a system storage device if they are physically present.