We are starting this year with a hard opening from Microsoft: 98 vulnerabilities, of which 2 are zero-days, plus an additional 11 criticals, with the rest marked as important. Let’s briefly review them!
CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
This is the first zero-day under active attack. This vulnerability could lead to a browser sandbox escape, from Chromium to the kernel level, and it allows a local attacker to escalate privileges to SYSTEM. In practice, it might be combined with malware or ransomware, or with some form of code execution in general. I guess you know what the recommendation is here.
CVE-2023-21549 – Windows Workstation Service Elevation of Privilege Vulnerability
This is the publicly disclosed vulnerability in Windows SMB Witness. It should be less likely to be exploited on the latest Windows and Windows Server versions, but please be aware that the attack complexity and privileges required are low, and no user interaction is needed.
CVE-2023-21561 / CVE-2023-21551 / CVE-2023-21730 – Microsoft Cryptographic Services Elevation of Privilege Vulnerability
A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM.
As the AppContainer environment is considered a defensible security boundary, any process that is able to bypass the boundary is considered a change in scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
CVE-2023-21743 / CVE-2023-21744 / CVE-2023-21742 – Microsoft SharePoint Server Security Feature Bypass and Remote Code Execution Vulnerability
It’s really rare to see a Critical-rated Security Feature Bypass (SFB)! This one allows a remote, unauthenticated attacker to make an anonymous connection to an affected SharePoint server. To protect the SharePoint farm, the SharePoint upgrade action included in this update also needs to be triggered. The upgrade action can be triggered by running one of the below:
- SharePoint Products Configuration Wizard
- Upgrade-SPFarm PowerShell cmdlet
- “psconfig.exe -cmd upgrade -inplace b2b” command
on each SharePoint server after installing the update.
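The check-and-run version of that step, as an added example that is not code from the original post or from Microsoft: it runs in an elevated SharePoint Management Shell on each farm server, reads the NeedsUpgrade flag exposed by Get-SPFarm / Get-SPServer, and (only with -RunUpgrade) invokes the same psconfig.exe command quoted above. The psconfig.exe location under the SharePoint hive folder is an assumption based on a default installation.

```powershell
# Added example: verify and, on request, trigger the post-update SharePoint upgrade action.
# Run in an elevated SharePoint Management Shell on every server of the farm
# after the January 2023 security update has been installed.
# Assumes psconfig.exe sits in the default "Web Server Extensions\<hive>\BIN" folder.
param([switch]$RunUpgrade)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$farm = Get-SPFarm
Write-Host ("Farm build: {0}  Farm needs upgrade: {1}" -f $farm.BuildVersion, $farm.NeedsUpgrade)

# List every SharePoint server; Role "Invalid" is the SQL Server entry, so skip it
$servers = Get-SPServer | Where-Object { $_.Role -ne "Invalid" }
$pending = @()
foreach ($s in $servers) {
    $state = if ($s.NeedsUpgrade) { "UPGRADE REQUIRED" } else { "ok" }
    Write-Host ("{0,-30} {1,-20} {2}" -f $s.Name, $s.Role, $state)
    if ($s.NeedsUpgrade) { $pending += $s.Name }
}

if ($pending.Count -eq 0 -and -not $farm.NeedsUpgrade) {
    Write-Host "No pending upgrade actions; the update is fully applied on this farm."
    return
}

Write-Warning ("Upgrade action still pending on: {0}" -f ($pending -join ", "))

if ($RunUpgrade) {
    # Hive number: 15 for SharePoint 2013, 16 for 2016 / 2019 / Subscription Edition
    $hive = $farm.BuildVersion.Major
    $psconfig = Join-Path $env:CommonProgramFiles "microsoft shared\Web Server Extensions\$hive\BIN\psconfig.exe"
    if (-not (Test-Path $psconfig)) { throw "psconfig.exe not found at $psconfig" }
    # Same command as in the post, with -wait so the script blocks until psconfig finishes
    & $psconfig -cmd upgrade -inplace b2b -wait
    if ($LASTEXITCODE -ne 0) { throw "psconfig.exe exited with code $LASTEXITCODE; review the upgrade log" }
    Write-Host "Upgrade action completed on $env:COMPUTERNAME"
} else {
    Write-Host "Re-run with -RunUpgrade on each pending server to apply the upgrade action."
}
```

The script only reports by default; apply the upgrade action server by server and re-run the report at the end to confirm no server still shows UPGRADE REQUIRED.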
The other two Remote Code Execution vulnerabilities mentioned are rated Important (8.8), so they might also require prioritization.
CVE-2023-21543 / CVE-2023-21546 / CVE-2023-21555 / CVE-2023-21556 / CVE-2023-21679 – Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
These Critical-rated bugs (8.1) could allow an unauthenticated attacker to achieve remote code execution on the Remote Access Server (RAS) machine by sending a specially crafted connection request to the RAS server.
Also, CVE-2023-21535 and CVE-2023-21548, Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerabilities, are connected with a RAS server and carry the same rating. We observed a similar situation in August with SSTP + PPP, and right now we have SSTP + L2TP.
Summary
Below you can see the most important CVEs released by Microsoft for January 2023 (zero-days, criticals, and those with a CVSS score of at least 8.0). Besides the vulnerabilities already mentioned, you can also find info about bugs in Exchange, ODBC, and LDAP.
CVE Number | CVE Title | Severity (CVSS score) | Attack Vector | Attack Complexity | Privileges Required | User interaction | Exploit Code Maturity | Applicable for |
---|---|---|---|---|---|---|---|---|
CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important (8.8) | Local | Low | Low | None | Exploited | Windows 8.1+ Server 2012 R2+ |
CVE-2023-21549 | Windows Workstation Service Elevation of Privilege Vulnerability | Important (8.8) | Network | Low | Low | None | Publicly disclosed | Windows 7+ Windows Server 2012+ |
CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical (8.8) | Local | Low | Low | None | Unproven | Windows 10+ Windows Server 2019+ |
CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical (7.8) | Network | Low | Low | None | Unproven | Windows 7+ Windows Server 2008+ |
CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical (7.8) | Network | High | Low | None | Unproven | Windows 7+ Windows Server 2008+ |
CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical (8.2) | Network | Low | None | None | Unproven | SharePoint Enterprise Server 2016 SharePoint Server 2019 SharePoint Server Subscription Edition |
CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | SharePoint Foundation 2013 SP1 SharePoint Enterprise Server 2013 SP1 SharePoint Enterprise Server 2016 SharePoint Server 2019 SharePoint Server Subscription Edition |
CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | SharePoint Foundation 2013 SP1 SharePoint Enterprise Server 2013 SP1 SharePoint Enterprise Server 2016 SharePoint Server 2019 SharePoint Server Subscription Edition |
CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Windows Server 2008+ |
CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Windows Server 2008+ |
CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Windows Server 2008+ |
CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Windows Server 2008+ |
CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Windows Server 2008+ |
CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 8.1+ Windows Server 2008+ |
CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+ Windows Server 2008+ |
CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important (8.0) | Adjacent | Low | Low | None | Unproven | Exchange 2013 CU23 Exchange 2016 CU23 Exchange 2019 CU11 Exchange 2019 CU12 |
CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important (8.0) | Adjacent | Low | Low | None | Unproven | Exchange 2016 CU23 Exchange 2019 CU11 Exchange 2019 CU12 |
CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important (7.8) | Local | Low | Low | None | Unproven | Exchange 2016 CU23 Exchange 2019 CU11 Exchange 2019 CU12 |
CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important (7.8) | Local | Low | Low | None | Unproven | Exchange 2016 CU23 Exchange 2019 CU11 Exchange 2019 CU12 |
CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important (7.5) | Network | Low | None | None | Unproven | Exchange 2016 CU23 Exchange 2019 CU11 Exchange 2019 CU12 |
CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | Windows 7+ Windows Server 2008+ |
CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | Windows 10+ Windows Server 2019+ |
End of Life of Microsoft products
As a final word, while talking about Microsoft patches, it is worth mentioning that on the 10th of January 2023 the following Microsoft products reached End of Life status, meaning that they will not receive any further updates. If you are still using any of these systems, upgrade to supported ones immediately.
- Windows 7 (Professional, Enterprise) with Extended Security Update program, Year 3
- Windows 8.1
- Windows Server 2008 and Windows Server 2008 R2 with Extended Security Update program, Year 3 (not hosted in Azure)
- Visual Studio 2012
- Microsoft Dynamics products (AX 2012 R3, NAV 2013, NAV 2013 R2)
As a tip, please regularly visit https://learn.microsoft.com/en-us/lifecycle/products/ to stay up to date with the Microsoft product lifecycle (you can export the list and sort it in a spreadsheet for easier use if needed).