Welcome to our summary of the first Patch Tuesday of the year (January 2023). We have tabulated the vulnerabilities that the latest patches from Microsoft, so that you can easily export them for use in your vulnerability management program.
Rootshell users have already benefited from the platform’s Active Exploit Detection, which automatically alerts you to active exploits affecting issues within your estate.
Microsoft Patch Tuesday January 2023
Microsoft’s January 2023 Patch Tuesday announces fixes for 98 issues, including an actively exploited zero-day vulnerability. The Rootshell Platform has already alerted users whose estates contain these active exploits.
11 of the 98 vulnerabilities are Critical, due to the fact that they allow remote code execution, bypass security features, or allow escalation of privileges.
This update contains 39 Elevation of Privilege Vulnerabilities, 4 Security Feature Bypass Vulnerabilities, 33 Remote Code Execution Vulnerabilities, 10 Information Disclosure Vulnerabilities, 10 Denial of Service Vulnerabilities, and 2 Spoofing Vulnerabilities.
One actively exploited zero-day fixed
The actively exploited and publicly disclosed zero-day vulnerability fixed in today’s updates are:
- CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
This is a Sandbox escape vulnerability that can lead to the elevation of privileges. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
[wpdatatable id=”11″ /][wpdatatable id=”0″ /]
Subscribe So You Never Miss an Update
