Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023, including one that’s already been exploited and another listed as publicly known. Eleven Common Vulnerabilities and Exposures (CVEs) were rated critical, meaning they could be exploited by malware or malicious actors to seize remote control over vulnerable Windows systems with little or no help required from users. Such a large volume of patches is unusual for a January release, but the number of vulnerabilities has been increasing with every release.
Zero-day and Critical Microsoft Vulnerabilities
- CVE-2023-21674 allows Local Privilege Escalation (LPE) to SYSTEM via a vulnerability in Windows Advanced Local Procedure Call (ALPC), which Microsoft has already seen exploited in the wild. It allows a local attacker to escalate privileges and potentially escape a sandbox. This type of vulnerability can be leveraged in tandem with malware or ransomware delivery; an ALPC zero-day back in 2018 was used in a malware campaign.
- CVE-2023-21549 - Windows SMB Witness Service Elevation of Privilege Vulnerability was publicly disclosed and has not been seen exploited in the wild. It’s a security feature bypass vulnerability in Microsoft SharePoint Server which should be quickly remediated. This bug could allow a remote unauthenticated attacker to make an anonymous connection to an affected SharePoint Server. The attacker can bypass the SharePoint protection that blocks HTTP requests based on IP range, allowing them to validate the presence or absence of an HTTP endpoint within the blocked IP range.
Office Remote Code Execution vulnerabilities:
- Three CVEs, CVE-2023-21762, CVE-2023-21763 and CVE-2023-21764, are combined under a Microsoft Exchange Server Elevation of Privilege Vulnerability. For these CVEs to have an impact, a user needs to be tricked into running malicious files, which can then execute code with SYSTEM-level privileges. It is strongly recommended that users running Exchange deploy all necessary Exchange fixes promptly to mitigate this vulnerability.
Microsoft Cryptographic Services Elevation of Privilege Vulnerabilities:
- Three CVEs, CVE-2023-21730, CVE-2023-21561 and CVE-2023-21551, can be exploited by a locally authenticated attacker sending specially crafted data to the local CSRSS service. This allows attackers to elevate their privileges from an AppContainer environment to SYSTEM-level access.
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerabilities:
- Five CVEs, CVE-2023-21679, CVE-2023-21546, CVE-2023-21555, CVE-2023-21556 and CVE-2023-21543, can be exploited by an unauthenticated attacker sending a specially crafted connection request to a Remote Access Server (RAS). In order to successfully exploit these vulnerabilities, attackers would have to take additional steps to prepare the target environment and win a race condition.
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability:
- Two CVEs, CVE-2023-21535 and CVE-2023-21548, can be exploited by an attacker who sends a specially crafted malicious SSTP packet to an SSTP server. In order to successfully exploit these vulnerabilities, the attacker must win a race condition. A local user can then exploit the race and execute arbitrary code on the target system.
Microsoft End of Support
Windows 7, Windows Server 2008, and Windows Server 2008 R2 have reached the end of their extended support from Microsoft, meaning the company will no longer provide regular updates or security patches for these operating systems. Users of these systems will therefore no longer be protected against new security vulnerabilities and may be at increased risk of malware and other cyber attacks.
Microsoft has offered several options for those looking to switch from Windows 7, depending on hardware capabilities and limitations.
The extended end date for Windows 8.1 is also January 14. “After this date, this product will no longer receive security updates, non-security updates, bug fixes, technical support, or online technical content updates,” Microsoft stated.
At Runecast we ensure that all operating system vulnerabilities are covered, so you can focus on mitigating threats and keeping your systems running safely and securely. We keep you updated about the latest vulnerabilities, exploits and security research, and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.