Date: 2023-01-11



For January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities. These include one exploited in the wild (CVE-2023-21674) and one publicly disclosed (CVE-2023-21549). Both allow an attacker to elevate privileges on a vulnerable machine.

Notable vulnerabilities

CVE-2023-21674 is a Windows Advanced Local Procedure Call (ALPC) vulnerability that could lead to a browser sandbox escape and allow an attacker to gain SYSTEM privileges on various Windows and Windows Server installations.

“This type of bug is often combined with some form of code execution to deliver malware or ransomware. Given that this was reported to Microsoft by Avast researchers, that scenario seems likely here. Patching this should be a priority.”

According to Satnam Narang, senior staff research engineer at Tenable, vulnerabilities like CVE-2023-21674 are typically used by Advanced Persistent Threat (APT) groups as part of targeted attacks. “The auto-update feature used to patch browsers limits the potential for such exploit chains to be widely exploited in the future,” he added.

CVE-2023-21549, the publicly disclosed vulnerability in Windows SMB Witness, appears unlikely to be exploited in recent versions of Windows and Windows Server, even though the attack complexity and required privileges are low and no user interaction is required.

“To exploit this vulnerability, an attacker could run a specially crafted malicious script that makes RPC calls to the RPC host. This could lead to elevated privileges on the server. An attacker who exploits this vulnerability could execute RPC functions that are restricted to privileged accounts only,” Microsoft said.

But while CVE-2023-21549 may be a patching priority, CVE-2023-21743 (Microsoft SharePoint Server Security Feature Bypass Vulnerability) needs to be fixed quickly by many.

“A Critical-rated Security Feature Bypass (SFB) is rare, but this one appears to qualify. This bug may allow unauthenticated, remote attackers to connect anonymously to an affected SharePoint server.”

“Attackers can bypass SharePoint’s protections and block HTTP requests based on IP ranges. An attacker who successfully exploited this vulnerability would be able to determine if the HTTP endpoints were within the blocked IP ranges. Additionally, an attacker would need to have read access to the target SharePoint site to exploit this vulnerability,” said Preetham Gurram, senior product manager at Automox.

Admins responsible for patching on-premises Microsoft Exchange Servers need to act quickly to apply the patches for two EoP vulnerabilities (CVE-2023-21763/CVE-2023-21764) that resulted from a failed patch released in November 2022.

The remaining patches are intended to fix vulnerabilities in the Windows print spooler (one of which was reported by the NSA), the Windows kernel, and other solutions. They also include two interesting flaws (CVE-2023-21560, CVE-2023-21563) that allow an attacker to bypass the BitLocker Device Encryption feature on the system storage device and gain access to encrypted data, but only if the attacker is physically present.

The end of the road for using Windows 7 safely

Finally, I would like to reiterate that Microsoft ended extended security support for Windows 7 today.

“It’s been three years since Microsoft started its Windows 7 and Server 2008/2008 R2 Extended Security Update (ESU) program, and the final security updates for these operating systems will be released next week. While they remain operational, new vulnerabilities continue to be discovered, making these systems increasingly vulnerable to exploitation,” said Todd Schell, senior product manager for security at Ivanti.

Microsoft offers several options for users looking to switch from Windows 7, depending on the hardware of the machine.

The extended end date for Windows 8.1 is also today. “After this date, this product will no longer receive security updates, non-security updates, bug fixes, technical support, or online technical content updates,” Microsoft noted.

