Microsoft Patch Tuesday – January 2023

We are starting this year with a hard opening from Microsoft: 98 vulnerabilities, of which 2 are zero-days, plus an additional 11 criticals and others marked as Important. Let’s briefly review them!

CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

This is the first zero-day, and it is under active attack. The vulnerability could lead to a browser sandbox escape, from Chromium to the kernel level. It allows a local attacker to escalate privileges to SYSTEM. In reality, it might be combined with malware or ransomware, or some form of code execution in general. I guess you know what the recommendation is here.

CVE-2023-21549 – Windows Workstation Service Elevation of Privilege Vulnerability

This is the publicly disclosed vulnerability, in Windows SMB Witness. It should be less likely to be exploited on the latest Windows and Windows Server versions, but please be aware that the attack complexity and privileges required are low, and no user interaction is needed.

CVE-2023-21561 / CVE-2023-21551 / CVE-2023-21730 – Microsoft Cryptographic Services Elevation of Privilege Vulnerability

A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM.

As the AppContainer environment is considered a defensible security boundary, any process that is able to bypass the boundary is considered a change in scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

CVE-2023-21743 / CVE-2023-21744 / CVE-2023-21742 – Microsoft SharePoint Server Security Feature Bypass and Remote Code Execution Vulnerability

It’s really rare to see a Critical-rated Security Feature Bypass (SFB)! This one allows a remote, unauthenticated attacker to make an anonymous connection to an affected SharePoint server. To protect the SharePoint farm, you need to trigger the SharePoint upgrade action included in this update. The upgrade action can be triggered by running one of the following:

  • SharePoint Products Configuration Wizard
  • Upgrade-SPFarm PowerShell cmdlet
  • “psconfig.exe -cmd upgrade -inplace b2b” command

on each SharePoint server after installing the update.
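
The check below is an added example, not part of the original post: it lists which farm servers and content databases still report a pending upgrade action after the update is installed, and can optionally run the psconfig command from the list above on the local server. The `-RunUpgrade` switch is hypothetical, and the psconfig path assumes the "16" hive of SharePoint 2016, 2019 and Subscription Edition.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on a SharePoint server after installing the update.
param([switch]$RunUpgrade)   # hypothetical switch: also run the upgrade locally

# Load the SharePoint cmdlets if this session does not have them yet.
if (-not (Get-Command Get-SPFarm -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
}

# Installing the binaries is not enough: servers and databases expose a
# NeedsUpgrade flag that shows whether the upgrade action is still pending.
$servers   = Get-SPServer          | Select-Object Address, Role, NeedsUpgrade
$databases = Get-SPContentDatabase | Select-Object Name, NeedsUpgrade

"Farm build: $((Get-SPFarm).BuildVersion)"
$servers   | Format-Table -AutoSize
$databases | Format-Table -AutoSize

$pendingServers = @($servers   | Where-Object NeedsUpgrade)
$pendingDbs     = @($databases | Where-Object NeedsUpgrade)

if ($pendingServers.Count -eq 0 -and $pendingDbs.Count -eq 0) {
    "No pending upgrade action reported for this farm."
    return
}
if ($pendingServers.Count -gt 0) {
    Write-Warning ("Upgrade pending on servers: " + ($pendingServers.Address -join ', '))
}
if ($pendingDbs.Count -gt 0) {
    Write-Warning ("Upgrade pending on databases: " + ($pendingDbs.Name -join ', '))
}

# Optionally trigger the upgrade action on THIS server only; the same step
# still has to be repeated on every other server in the farm.
$local = [Microsoft.SharePoint.Administration.SPServer]::Local
if ($RunUpgrade -and $local.NeedsUpgrade) {
    # Assumed install path (the "16" hive); adjust for your SharePoint version.
    $psconfig = Join-Path $env:CommonProgramFiles `
        'Microsoft Shared\Web Server Extensions\16\BIN\psconfig.exe'
    & $psconfig -cmd upgrade -inplace b2b
    if ($LASTEXITCODE -ne 0) {
        Write-Error "psconfig exited with code $LASTEXITCODE"
    }
}
```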

The other 2 Remote Code Execution vulnerabilities mentioned are rated as Important (8.8), so they might also require prioritization.

CVE-2023-21543 / CVE-2023-21546 / CVE-2023-21555 / CVE-2023-21556 / CVE-2023-21679 – Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

These Critical-rated bugs (8.1) could allow an unauthenticated attacker to achieve remote code execution on a Remote Access Server (RAS) machine by sending a specially crafted connection request to the RAS server.

Also, CVE-2023-21535 and CVE-2023-21548, the Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerabilities, are connected with a RAS server and have the same rating. We observed a similar situation in August (SSTP + PPP), and right now we have SSTP + L2TP.

Summary

Below you can see the most important CVEs released by Microsoft for January 2023 (zero-days, criticals, and those with a CVSS score of at least 8.0). Besides the vulnerabilities already mentioned, you can also find information about bugs in Exchange, ODBC, or LDAP.

| CVE Number | CVE Title | Severity (CVSS score) | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Exploit Code Maturity | Applicable for |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important (8.8) | Local | Low | Low | None | Exploited | Windows 8.1+, Server 2012 R2+ |
| CVE-2023-21549 | Windows Workstation Service Elevation of Privilege Vulnerability | Important (8.8) | Network | Low | Low | None | Publicly disclosed | Windows 7+, Windows Server 2012+ |
| CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical (8.8) | Local | Low | Low | None | Unproven | Windows 10+, Windows Server 2019+ |
| CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical (7.8) | Network | Low | Low | None | Unproven | Windows 7+, Windows Server 2008+ |
| CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical (7.8) | Network | High | Low | None | Unproven | Windows 7+, Windows Server 2008+ |
| CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical (8.2) | Network | Low | None | None | Unproven | SharePoint Enterprise Server 2016, SharePoint Server 2019, SharePoint Server Subscription Edition |
| CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | SharePoint Foundation 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Server 2019, SharePoint Server Subscription Edition |
| CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | SharePoint Foundation 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Server 2019, SharePoint Server Subscription Edition |
| CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Windows Server 2008+ |
| CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Windows Server 2008+ |
| CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Windows Server 2008+ |
| CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Windows Server 2008+ |
| CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Windows Server 2008+ |
| CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 8.1+, Windows Server 2008+ |
| CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+, Windows Server 2008+ |
| CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important (8.0) | Adjacent | Low | Low | None | Unproven | Exchange 2013 CU23, Exchange 2016 CU23, Exchange 2019 CU11, Exchange 2019 CU12 |
| CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important (8.0) | Adjacent | Low | Low | None | Unproven | Exchange 2016 CU23, Exchange 2019 CU11, Exchange 2019 CU12 |
| CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important (7.8) | Local | Low | Low | None | Unproven | Exchange 2016 CU23, Exchange 2019 CU11, Exchange 2019 CU12 |
| CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important (7.8) | Local | Low | Low | None | Unproven | Exchange 2016 CU23, Exchange 2019 CU11, Exchange 2019 CU12 |
| CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important (7.5) | Network | Low | None | None | Unproven | Exchange 2016 CU23, Exchange 2019 CU11, Exchange 2019 CU12 |
| CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | Windows 7+, Windows Server 2008+ |
| CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | Windows 10+, Windows Server 2019+ |

End of Life of Microsoft products

As a final word, while talking about Microsoft patches, it is worth mentioning that on the 10th of January 2023 the following Microsoft products reached End of Life status, meaning that they will not get any further updates in the future. If you are still using any of these systems, upgrade to supported ones immediately.

  • Windows 7 (Professional, Enterprise) with Extended Security Update program, Year 3
  • Windows 8.1
  • Windows Server 2008 and Windows Server 2008 R2 with Extended Security Update program, Year 3 (not hosted in Azure)
  • Visual Studio 2012
  • Microsoft Dynamics products (AX 2012 R3, NAV 2013, NAV 2013 R2)

As a tip, please regularly visit https://learn.microsoft.com/en-us/lifecycle/products/ to stay up to date with the Microsoft product lifecycle (you can export the list and sort it in a spreadsheet for easier use if needed).
