Categories: Cyber Security News

Microsoft Patch Tuesday – 98 Flaws Patched Including the One Exploited in the Wild

A total of 98 vulnerabilities were fixed on January Patch Tuesday 2023 by Microsoft, including a zero-day vulnerability that was exploited actively, and a handful of other weaknesses.

This Patch Tuesday 2023 marks the first of the year, and it covers fixes for 98 vulnerabilities, including 11 that are rated ‘Critical,’ which is the highest class of vulnerability.

In order to assign this severity level, Microsoft has taken into consideration that the vulnerabilities enable attackers to achieve the following illicit abilities:-

  • RCE (Remote Code Execution)
  • Bypass security features
  • Allow elevated privilege levels to be used

Security updates are included in this release for the following products, features, and roles:-

  • .NET Core
  • 3D Builder
  • Azure Service Fabric Container
  • Microsoft Bluetooth Driver
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Message Queuing
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft WDAC OLE DB provider for SQL
  • Visual Studio Code
  • Windows ALPC
  • Windows Ancillary Function Driver for WinSock
  • Windows Authentication Methods
  • Windows Backup Engine
  • Windows Bind Filter Driver
  • Windows BitLocker
  • Windows Boot Manager
  • Windows Credential Manager
  • Windows Cryptographic Services
  • Windows DWM Core Library
  • Windows Error Reporting
  • Windows Event Tracing
  • Windows IKE Extension
  • Windows Installer
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows iSCSI
  • Windows Kernel
  • Windows Layer 2 Tunneling Protocol
  • Windows LDAP – Lightweight Directory Access Protocol
  • Windows Local Security Authority (LSA)
  • Windows Local Session Manager (LSM)
  • Windows Malicious Software Removal Tool
  • Windows Management Instrumentation
  • Windows MSCryptDImportKey
  • Windows NTLM
  • Windows ODBC Driver
  • Windows Overlay Filter
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Remote Access Service L2TP Driver
  • Windows RPC API
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows Smart Card
  • Windows Task Scheduler
  • Windows Virtual Registry Provider
  • Windows Workstation Service

Flaws Detected

Below you’ll find a list of the number of bugs that fall into each of the vulnerability categories:-

  • Elevation of Privilege Vulnerabilities: 39
  • Security Feature Bypass Vulnerabilities: 4
  • Remote Code Execution Vulnerabilities: 33
  • Information Disclosure Vulnerabilities: 10
  • Denial of Service Vulnerabilities: 10
  • Spoofing Vulnerabilities: 2

Here below we have mentioned all the flaws detected and patched:-

CVE IDSeverity
CVE-2023-21538Important
CVE-2023-21782Important
CVE-2023-21781Important
CVE-2023-21783Important
CVE-2023-21784Important
CVE-2023-21791Important
CVE-2023-21793Important
CVE-2023-21786Important
CVE-2023-21790Important
CVE-2023-21780Important
CVE-2023-21792Important
CVE-2023-21789Important
CVE-2023-21785Important
CVE-2023-21787Important
CVE-2023-21788Important
CVE-2023-21531Important
CVE-2023-21739Important
CVE-2023-21764Important
CVE-2023-21763Important
CVE-2023-21762Important
CVE-2023-21761Important
CVE-2023-21745Important
CVE-2023-21680Important
CVE-2023-21532Important
CVE-2023-21552Important
CVE-2023-21728Important
CVE-2023-21537Important
CVE-2023-21734Important
CVE-2023-21735Important
CVE-2023-21742Important
CVE-2023-21743Critical
CVE-2023-21744Important
CVE-2023-21741Important
CVE-2023-21736Important
CVE-2023-21737Important
CVE-2023-21738Important
CVE-2023-21681Important
CVE-2023-21779Important
CVE-2023-21674Important
CVE-2023-21768Important
CVE-2023-21539Important
CVE-2023-21752Important
CVE-2023-21733Important
CVE-2023-21563Important
CVE-2023-21560Important
CVE-2023-21726Important
CVE-2023-21559Important
CVE-2023-21551Critical
CVE-2023-21561Critical
CVE-2023-21540Important
CVE-2023-21730Critical
CVE-2023-21550Important
CVE-2023-21724Important
CVE-2023-21558Important
CVE-2023-21536Important
CVE-2023-21758Important
CVE-2023-21683Important
CVE-2023-21677Important
CVE-2023-21542Important
CVE-2023-21547Important
CVE-2023-21527Important
CVE-2023-21755Important
CVE-2023-21753Important
CVE-2023-21556Critical
CVE-2023-21555Critical
CVE-2023-21543Critical
CVE-2023-21546Critical
CVE-2023-21679Critical
CVE-2023-21676Important
CVE-2023-21557Important
CVE-2023-21524Important
CVE-2023-21771Important
CVE-2023-21725Important
CVE-2023-21754Important
CVE-2023-21746Important
CVE-2023-21732Important
CVE-2023-21766Important
CVE-2023-21767Important
CVE-2023-21682Important
CVE-2023-21760Important
CVE-2023-21765Important
CVE-2023-21678Important
CVE-2023-21757Important
CVE-2023-21525Important
CVE-2023-21548Critical
CVE-2023-21535Critical
CVE-2023-21759Important
CVE-2023-21541Important
CVE-2023-21772Important
CVE-2023-21748Important
CVE-2023-21773Important
CVE-2023-21747Important
CVE-2023-21776Important
CVE-2023-21774Important
CVE-2023-21750Important
CVE-2023-21675Important
CVE-2023-21749Important
CVE-2023-21549Important

Updates Released by Other Companies

As of January 2023, some of the following vendors have released updates to their products:-

  • Adobe
  • AMD
  • Android
  • Cisco
  • Citrix
  • Dell
  • F5
  • Fortinet
  • GitLab
  • Google Chrome
  • HP
  • IBM
  • Intel
  • Juniper Networks
  • Lenovo
  • Linux distributions (Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu)
  • MediaTek
  • Qualcomm
  • SAP
  • Schneider Electric
  • Siemens
  • Synology
  • Zoom
  • Zyxel

According to Microsoft, the Extended Security Update (ESU) program for Windows 8.1 will not be offered as part of the Windows 8.1 upgrade program; as the users are advised to upgrade to Windows 11 instead.

So, Windows 8.1 may pose a security risk to organizations if it is continued to be used after January 10, 2023.

Network Security Checklist – Download Free E-Book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: Vulnerability
2 years ago

Recent Posts

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

1 day ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

1 day ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

1 day ago

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…

1 day ago

Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials

A surge in phishing text messages claiming unpaid tolls has been linked to a massive…

1 day ago

State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers

The State Bar of Texas has confirmed a data breach following the detection of unauthorized…

1 day ago