Microsoft Patch Tuesday – 98 Flaws Patched Including the One Exploited in the Wild

A total of 98 vulnerabilities were fixed on January Patch Tuesday 2023 by Microsoft, including a zero-day vulnerability that was exploited actively, and a handful of other weaknesses.

This Patch Tuesday 2023 marks the first of the year, and it covers fixes for 98 vulnerabilities, including 11 that are rated ‘Critical,’ which is the highest class of vulnerability.

In order to assign this severity level, Microsoft has taken into consideration that the vulnerabilities enable attackers to achieve the following illicit abilities:-

RCE (Remote Code Execution)
Bypass security features
Allow elevated privilege levels to be used

Security updates are included in this release for the following products, features, and roles:-

.NET Core
3D Builder
Azure Service Fabric Container
Microsoft Bluetooth Driver
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Local Security Authority Server (lsasrv)
Microsoft Message Queuing
Microsoft Office
Microsoft Office SharePoint
Microsoft Office Visio
Microsoft WDAC OLE DB provider for SQL
Visual Studio Code
Windows ALPC
Windows Ancillary Function Driver for WinSock
Windows Authentication Methods
Windows Backup Engine
Windows Bind Filter Driver
Windows BitLocker
Windows Boot Manager
Windows Credential Manager
Windows Cryptographic Services
Windows DWM Core Library
Windows Error Reporting
Windows Event Tracing
Windows IKE Extension
Windows Installer
Windows Internet Key Exchange (IKE) Protocol
Windows iSCSI
Windows Kernel
Windows Layer 2 Tunneling Protocol
Windows LDAP – Lightweight Directory Access Protocol
Windows Local Security Authority (LSA)
Windows Local Session Manager (LSM)
Windows Malicious Software Removal Tool
Windows Management Instrumentation
Windows MSCryptDImportKey
Windows NTLM
Windows ODBC Driver
Windows Overlay Filter
Windows Point-to-Point Tunneling Protocol
Windows Print Spooler Components
Windows Remote Access Service L2TP Driver
Windows RPC API
Windows Secure Socket Tunneling Protocol (SSTP)
Windows Smart Card
Windows Task Scheduler
Windows Virtual Registry Provider
Windows Workstation Service

Flaws Detected

Below you’ll find a list of the number of bugs that fall into each of the vulnerability categories:-

Elevation of Privilege Vulnerabilities: 39
Security Feature Bypass Vulnerabilities: 4
Remote Code Execution Vulnerabilities: 33
Information Disclosure Vulnerabilities: 10
Denial of Service Vulnerabilities: 10
Spoofing Vulnerabilities: 2

Here below we have mentioned all the flaws detected and patched:-

CVE ID	Severity
CVE-2023-21538	Important
CVE-2023-21782	Important
CVE-2023-21781	Important
CVE-2023-21783	Important
CVE-2023-21784	Important
CVE-2023-21791	Important
CVE-2023-21793	Important
CVE-2023-21786	Important
CVE-2023-21790	Important
CVE-2023-21780	Important
CVE-2023-21792	Important
CVE-2023-21789	Important
CVE-2023-21785	Important
CVE-2023-21787	Important
CVE-2023-21788	Important
CVE-2023-21531	Important
CVE-2023-21739	Important
CVE-2023-21764	Important
CVE-2023-21763	Important
CVE-2023-21762	Important
CVE-2023-21761	Important
CVE-2023-21745	Important
CVE-2023-21680	Important
CVE-2023-21532	Important
CVE-2023-21552	Important
CVE-2023-21728	Important
CVE-2023-21537	Important
CVE-2023-21734	Important
CVE-2023-21735	Important
CVE-2023-21742	Important
CVE-2023-21743	Critical
CVE-2023-21744	Important
CVE-2023-21741	Important
CVE-2023-21736	Important
CVE-2023-21737	Important
CVE-2023-21738	Important
CVE-2023-21681	Important
CVE-2023-21779	Important
CVE-2023-21674	Important
CVE-2023-21768	Important
CVE-2023-21539	Important
CVE-2023-21752	Important
CVE-2023-21733	Important
CVE-2023-21563	Important
CVE-2023-21560	Important
CVE-2023-21726	Important
CVE-2023-21559	Important
CVE-2023-21551	Critical
CVE-2023-21561	Critical
CVE-2023-21540	Important
CVE-2023-21730	Critical
CVE-2023-21550	Important
CVE-2023-21724	Important
CVE-2023-21558	Important
CVE-2023-21536	Important
CVE-2023-21758	Important
CVE-2023-21683	Important
CVE-2023-21677	Important
CVE-2023-21542	Important
CVE-2023-21547	Important
CVE-2023-21527	Important
CVE-2023-21755	Important
CVE-2023-21753	Important
CVE-2023-21556	Critical
CVE-2023-21555	Critical
CVE-2023-21543	Critical
CVE-2023-21546	Critical
CVE-2023-21679	Critical
CVE-2023-21676	Important
CVE-2023-21557	Important
CVE-2023-21524	Important
CVE-2023-21771	Important
CVE-2023-21725	Important
CVE-2023-21754	Important
CVE-2023-21746	Important
CVE-2023-21732	Important
CVE-2023-21766	Important
CVE-2023-21767	Important
CVE-2023-21682	Important
CVE-2023-21760	Important
CVE-2023-21765	Important
CVE-2023-21678	Important
CVE-2023-21757	Important
CVE-2023-21525	Important
CVE-2023-21548	Critical
CVE-2023-21535	Critical
CVE-2023-21759	Important
CVE-2023-21541	Important
CVE-2023-21772	Important
CVE-2023-21748	Important
CVE-2023-21773	Important
CVE-2023-21747	Important
CVE-2023-21776	Important
CVE-2023-21774	Important
CVE-2023-21750	Important
CVE-2023-21675	Important
CVE-2023-21749	Important
CVE-2023-21549	Important

Updates Released by Other Companies

As of January 2023, some of the following vendors have released updates to their products:-

Adobe
AMD
Android
Cisco
Citrix
Dell
F5
Fortinet
GitLab
Google Chrome
HP
IBM
Intel
Juniper Networks
Lenovo
Linux distributions (Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu)
MediaTek
Qualcomm
SAP
Schneider Electric
Siemens
Synology
Zoom
Zyxel

According to Microsoft, the Extended Security Update (ESU) program for Windows 8.1 will not be offered as part of the Windows 8.1 upgrade program; as the users are advised to upgrade to Windows 11 instead.

So, Windows 8.1 may pose a security risk to organizations if it is continued to be used after January 10, 2023.

Network Security Checklist – Download Free E-Book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.