Microsoft Releases January 2023 Security Updates

Scheduled updates for Microsoft products

Summary

Scheduled updates for Microsoft products


The following platforms are also known to be affected:

  • 3D Builder
  • Azure Service Fabric Container
  • Microsoft Bluetooth Driver
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Message Queuing
  • Microsoft Office Visio
  • Microsoft WDAC OLE DB provider for SQL
  • Windows ALPC
  • Windows Ancillary Function Driver for WinSock
  • Windows Authentication Methods
  • Windows Backup Engine
  • Windows Bind Filter Driver
  • Windows BitLocker
  • Windows Boot Manager
  • Windows Credential Manager
  • Windows Cryptographic Services
  • Windows DWM Core Library
  • Windows Error Reporting
  • Windows Event Tracing
  • Windows IKE Extension
  • Windows Installer
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows iSCSI
  • Windows Kernel
  • Windows Layer 2 Tunneling Protocol
  • Windows LDAP - Lightweight Directory Access Protocol
  • Windows Local Security Authority (LSA)
  • Windows Local Session Manager (LSM)
  • Windows Malicious Software Removal Tool
  • Windows Management Instrumentation
  • Windows MSCryptDImportKey
  • Windows NTLM
  • Windows ODBC Driver
  • Windows Overlay Filter
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Remote Access Service L2TP Driver
  • Windows RPC API
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows Smart Card
  • Windows Task Scheduler
  • Windows Virtual Registry Provider
  • Windows Workstation Service

Threat details

Introduction

Microsoft has released updates to address 98 vulnerabilities in Microsoft products, including 11 rated as critical and one zero-day vulnerability. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Exploitation reported for multiple vulnerabilities

A proof-of-concept for the Windows NTLM elevation of privilege vulnerability, CVE-2023-21746, has been publicly released. Exploitation attempts have been reported.

Microsoft has reported exploitation of a privilege escalation vulnerability in the Windows Advanced Local Procedure Call (ALPC), tracked as CVE-2023-21674, and CISA has added it to its Known Exploited Vulnerabilities Catalog. Affected organisations are encouraged to read Microsoft's guidance for CVE-2023-21674 and apply any relevant updates.

Exploitation has also been reported for CVE-2023-21768, an elevation of privilege vulnerability in the Windows Ancillary Function driver for WinSock.


Threat updates

Date Update
21 Jun 2023 CVE-2023-21768 exploited in the wild

This article has been updated to reflect this change.

28 Feb 2023 Exploitation attempts reported for CVE-2023-21746

This article has been updated to reflect this change. 

16 Feb 2023 Proof-of-concept released for CVE-2023-21746

This article has been updated to reflect this change. 

27 Jan 2023 Microsoft urges administrators to patch on-premises Exchange servers

In the Exchange Team's Blog, Microsoft has urged administrators to continuously patch on-premises Exchange servers after issuing emergency out-of-band security updates to address the ProxyLogon vulnerabilities. Microsoft Exchange servers exposed online may still be vulnerable to attacks leveraging ProxyNotShell exploits targeting the CVE-2022-41082 remote code execution (RCE) vulnerability. A high-severity cyber alert (CC-4210) was previously released addressing the vulnerability. Microsoft recommends updating to the latest patch referenced in this cyber alert.


Remediation advice

Affected organisations are encouraged to review Microsoft’s January 2023 Security Update Summary and Deployment Information and apply the relevant updates.
 



Last edited: 21 June 2023 4:06 pm