Categories: Cyber Security News

Microsoft Patch Tuesday – 98 Flaws Patched Including the One Exploited in the Wild

A total of 98 vulnerabilities were fixed on January Patch Tuesday 2023 by Microsoft, including a zero-day vulnerability that was exploited actively, and a handful of other weaknesses.

This Patch Tuesday 2023 marks the first of the year, and it covers fixes for 98 vulnerabilities, including 11 that are rated ‘Critical,’ which is the highest class of vulnerability.

In order to assign this severity level, Microsoft has taken into consideration that the vulnerabilities enable attackers to achieve the following illicit abilities:-

  • RCE (Remote Code Execution)
  • Bypass security features
  • Allow elevated privilege levels to be used

Security updates are included in this release for the following products, features, and roles:-

  • .NET Core
  • 3D Builder
  • Azure Service Fabric Container
  • Microsoft Bluetooth Driver
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Message Queuing
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft WDAC OLE DB provider for SQL
  • Visual Studio Code
  • Windows ALPC
  • Windows Ancillary Function Driver for WinSock
  • Windows Authentication Methods
  • Windows Backup Engine
  • Windows Bind Filter Driver
  • Windows BitLocker
  • Windows Boot Manager
  • Windows Credential Manager
  • Windows Cryptographic Services
  • Windows DWM Core Library
  • Windows Error Reporting
  • Windows Event Tracing
  • Windows IKE Extension
  • Windows Installer
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows iSCSI
  • Windows Kernel
  • Windows Layer 2 Tunneling Protocol
  • Windows LDAP – Lightweight Directory Access Protocol
  • Windows Local Security Authority (LSA)
  • Windows Local Session Manager (LSM)
  • Windows Malicious Software Removal Tool
  • Windows Management Instrumentation
  • Windows MSCryptDImportKey
  • Windows NTLM
  • Windows ODBC Driver
  • Windows Overlay Filter
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Remote Access Service L2TP Driver
  • Windows RPC API
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows Smart Card
  • Windows Task Scheduler
  • Windows Virtual Registry Provider
  • Windows Workstation Service

Flaws Detected

Below you’ll find a list of the number of bugs that fall into each of the vulnerability categories:-

  • Elevation of Privilege Vulnerabilities: 39
  • Security Feature Bypass Vulnerabilities: 4
  • Remote Code Execution Vulnerabilities: 33
  • Information Disclosure Vulnerabilities: 10
  • Denial of Service Vulnerabilities: 10
  • Spoofing Vulnerabilities: 2

Here below we have mentioned all the flaws detected and patched:-

CVE IDSeverity
CVE-2023-21538Important
CVE-2023-21782Important
CVE-2023-21781Important
CVE-2023-21783Important
CVE-2023-21784Important
CVE-2023-21791Important
CVE-2023-21793Important
CVE-2023-21786Important
CVE-2023-21790Important
CVE-2023-21780Important
CVE-2023-21792Important
CVE-2023-21789Important
CVE-2023-21785Important
CVE-2023-21787Important
CVE-2023-21788Important
CVE-2023-21531Important
CVE-2023-21739Important
CVE-2023-21764Important
CVE-2023-21763Important
CVE-2023-21762Important
CVE-2023-21761Important
CVE-2023-21745Important
CVE-2023-21680Important
CVE-2023-21532Important
CVE-2023-21552Important
CVE-2023-21728Important
CVE-2023-21537Important
CVE-2023-21734Important
CVE-2023-21735Important
CVE-2023-21742Important
CVE-2023-21743Critical
CVE-2023-21744Important
CVE-2023-21741Important
CVE-2023-21736Important
CVE-2023-21737Important
CVE-2023-21738Important
CVE-2023-21681Important
CVE-2023-21779Important
CVE-2023-21674Important
CVE-2023-21768Important
CVE-2023-21539Important
CVE-2023-21752Important
CVE-2023-21733Important
CVE-2023-21563Important
CVE-2023-21560Important
CVE-2023-21726Important
CVE-2023-21559Important
CVE-2023-21551Critical
CVE-2023-21561Critical
CVE-2023-21540Important
CVE-2023-21730Critical
CVE-2023-21550Important
CVE-2023-21724Important
CVE-2023-21558Important
CVE-2023-21536Important
CVE-2023-21758Important
CVE-2023-21683Important
CVE-2023-21677Important
CVE-2023-21542Important
CVE-2023-21547Important
CVE-2023-21527Important
CVE-2023-21755Important
CVE-2023-21753Important
CVE-2023-21556Critical
CVE-2023-21555Critical
CVE-2023-21543Critical
CVE-2023-21546Critical
CVE-2023-21679Critical
CVE-2023-21676Important
CVE-2023-21557Important
CVE-2023-21524Important
CVE-2023-21771Important
CVE-2023-21725Important
CVE-2023-21754Important
CVE-2023-21746Important
CVE-2023-21732Important
CVE-2023-21766Important
CVE-2023-21767Important
CVE-2023-21682Important
CVE-2023-21760Important
CVE-2023-21765Important
CVE-2023-21678Important
CVE-2023-21757Important
CVE-2023-21525Important
CVE-2023-21548Critical
CVE-2023-21535Critical
CVE-2023-21759Important
CVE-2023-21541Important
CVE-2023-21772Important
CVE-2023-21748Important
CVE-2023-21773Important
CVE-2023-21747Important
CVE-2023-21776Important
CVE-2023-21774Important
CVE-2023-21750Important
CVE-2023-21675Important
CVE-2023-21749Important
CVE-2023-21549Important

Updates Released by Other Companies

As of January 2023, some of the following vendors have released updates to their products:-

  • Adobe
  • AMD
  • Android
  • Cisco
  • Citrix
  • Dell
  • F5
  • Fortinet
  • GitLab
  • Google Chrome
  • HP
  • IBM
  • Intel
  • Juniper Networks
  • Lenovo
  • Linux distributions (Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu)
  • MediaTek
  • Qualcomm
  • SAP
  • Schneider Electric
  • Siemens
  • Synology
  • Zoom
  • Zyxel

According to Microsoft, the Extended Security Update (ESU) program for Windows 8.1 will not be offered as part of the Windows 8.1 upgrade program; as the users are advised to upgrade to Windows 11 instead.

So, Windows 8.1 may pose a security risk to organizations if it is continued to be used after January 10, 2023.

Network Security Checklist – Download Free E-Book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: Vulnerability
2 years ago

Recent Posts

Implementing Identity First Security for Zero Trust Architectures

Zero Trust is a security framework that operates under the assumption that no implicit trust…

7 hours ago

InvokeADCheck – New Powershell Module for Active Directory Assessment

Orange Cyberdefense has announced the development of InvokeADCheck, a new PowerShell module designed to streamline…

9 hours ago

Detecting Malicious Activities With Traffic Distribution Systems

Traffic Distribution Systems (TDS) have emerged as critical tools for both legitimate and malicious purposes,…

9 hours ago

Hackers Deploy Advanced Social Engineering Tactics in Phishing Attacks

Cybercriminals are evolving their phishing methods, employing more sophisticated social engineering tactics to deceive their…

9 hours ago

Cybercriminals Exploit Compromised Email Servers for Fraudulent Campaigns

Trend Micro's Managed XDR team has recently investigated a sophisticated Business Email Compromise (BEC) attack…

9 hours ago

Identifying Cyber Attack Patterns Through Threat Actor Infrastructure Analysis

Kudelski Security Research recently published an article detailing advanced methods for tracking and analyzing threat…

9 hours ago