Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Microsoft’s January 2023 Patch Tuesday Addresses 98 CVEs (CVE-2023-21674)

Microsoft January 2023 Patch Tuesday Security Updates
Microsoft’s January 2023 Patch Tuesday Addresses 98 CVEs (CVE-2023-21674)

Microsoft addresses 98 CVEs including a zero-day vulnerability that was exploited in the wild.

  1. 11Critical
  2. 87Important
  3. 0Moderate
  4. 0Low

Microsoft patched 98 CVEs in its January 2023 Patch Tuesday Release, with 11 rated as critical, and 87 rated as important.

This month’s update includes patches for:

  • .NET Core
  • 3D Builder
  • Azure Service Fabric Container
  • Microsoft Bluetooth Driver
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Message Queuing
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft WDAC OLE DB provider for SQL
  • Visual Studio Code
  • Windows ALPC
  • Windows Ancillary Function Driver for WinSock
  • Windows Authentication Methods
  • Windows Backup Engine
  • Windows Bind Filter Driver
  • Windows BitLocker
  • Windows Boot Manager
  • Windows Credential Manager
  • Windows Cryptographic Services
  • Windows DWM Core Library
  • Windows Error Reporting
  • Windows Event Tracing
  • Windows IKE Extension
  • Windows Installer
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows iSCSI
  • Windows Kernel
  • Windows Layer 2 Tunneling Protocol
  • Windows LDAP - Lightweight Directory Access Protocol
  • Windows Local Security Authority (LSA)
  • Windows Local Session Manager (LSM)
  • Windows Malicious Software Removal Tool
  • Windows Management Instrumentation
  • Windows MSCryptDImportKey
  • Windows NTLM
  • Windows ODBC Driver
  • Windows Overlay Filter
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Remote Access Service L2TP Driver
  • Windows RPC API
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows Smart Card
  • Windows Task Scheduler
  • Windows Virtual Registry Provider
  • Windows Workstation Service

Elevation of privilege (EoP) vulnerabilities accounted for 39.8% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 33.7%.

Important

CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVE-2023-21674 is an EoP vulnerability in Windows operating systems that received a CVSSv3 score of 8.8 and has been exploited in the wild as a zero day. The vulnerability exists in the Advanced Local Procedure Call (ALPC) functionality. ALPC is a message passing utility in Windows operating systems. When exploited, an attacker can leverage the vulnerability to break out of the sandbox in Chromium and gain kernel-level execution privileges.

Critical

CVE-2023-21730 | Windows Cryptographic Services Elevation of Privilege Vulnerability

CVE-2023-21730 is an EoP in Windows operating systems that received a CVSSv3 score of 7.8. The vulnerability exists in Windows Cryptographic Services, a suite of cryptographic utilities in Windows operating systems. The vulnerability can be exploited by a remote, unauthenticated attacker. The exploit requires no user interaction and has a low attack complexity. However, according to the Microsoft Exploitability Index, exploitation is less likely. Discovery is credited to Microsoft's Offensive and Security Engineering (MORSE) team.

Important

CVE-2023-21760, CVE-2023-21765, CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerabilities

CVE-2023-21760, CVE-2023-21765, and CVE-2023-21678 are EoP vulnerabilities in Windows Print Spooler. The three vulnerabilities were assigned a CVSSv3 score of 7.8 and are rated as “Exploitation Less Likely.” CVE-2023-21678 was disclosed to Microsoft by the National Security Agency (NSA). This continues a trend observed last year, where the NSA disclosed three vulnerabilities in Print Spooler, beginning with CVE-2022-29104 and CVE-2022-29132 in May 2022 and leading to CVE-2022-38028 in O​​ctober 2022.

Due to the ubiquity of the Windows Print Spooler, it has seen continued interest by researchers and attackers as an ideal target since the discovery of PrintNightmare and we expect this trend to continue for the foreseeable future.

Critical

CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21556 and CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerabilities

CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21556 and CVE-2023-21679 are RCE vulnerabilities in Windows operating systems, all given a CVSSv3 score of 8.1. The vulnerabilities can be exploited by a remote, unauthenticated attacker targeting a machine acting as a Remote Access Server. However, the vulnerabilities have a high attack complexity, meaning the attacker will have to perform actions on the target prior to exploitation for it to be successful. Discovery is credited to RyeLv for CVE-2023-21543, and Yuki Chen with Cyber KunLun for the others.

Important

CVE-2023-21763 and CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerabilities

CVE-2023-21763 and CVE-2023-21764 are EoP vulnerabilities in Microsoft Exchange Server that received CVSSv3 scores of 7.8 and could grant an authenticated attacker SYSTEM privileges. Microsoft has rated these as “Exploitation Less Likely,” but has offered no explanation why. Piotr Bazydlo with Trend Micro Zero Day Initiative is credited with reporting both of these vulnerabilities.

Important

CVE-2023-21745 and CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerabilities

CVE-2023-21745 and CVE-2023-21762 are spoofing vulnerabilities in Microsoft Exchange Server that both received CVSSv3 score of 8.0. However, these flaws have distinct characteristics from one another. CVE-2023-21745 can be exploited by an adjacent attacker — either via the local area network, or over the internet — and was rated “Exploitation More Likely.” It was reported by Piotr Bazydlo with Trend Micro Zero Day Initiative. On the other hand, CVE-2023-21762 also requires an adjacent attacker, but is restricted to a shared physical or local network, or an “otherwise limited administrative domain.” Successful exploitation could lead to disclosure of New Technology LAN Manager (NTLM) hashes and NTLM relay attacks.

Important

CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability

CVE-2023-21746 is an EoP vulnerability in Windows NTLM that received a CVSSv3 score of 7.8 and was rated “Exploitation Less Likely.” Successful exploitation would allow an attacker to gain SYSTEM privileges. It was disclosed by Andrea Pierini with Semperis and Antonio Cocomazzi with Sentinel One.

Tenable Solutions

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name contains January 2023.

With that filter set, click the plugin families to the left and enable each plugin that appears on the right side. Note: If your families on the left say Enabled, then all the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:

A list of all the plugins released for Tenable’s January 2023 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Promotional pricing extended until February 28th.
Buy a multi-year license and save more.

Add Support and Training