Microsoft has kickstarted 2023 with a comprehensive list of vulnerabilities, including several issues that have been flagged as zero-day bugs. This Patch Tuesday list covers over 90 common and uncommon vulnerabilities, with risk scores ranging from moderate to severe.
Patch Tuesday January – Highlights
January’s Patch Tuesday highlight is CVE-2022-41099, the BitLocker Security Feature Bypass vulnerability. Although exploitation has yet to be detected in the wild, the vulnerability has been proven to be viable. According to Microsoft, a threat actor can use a tampered WinRE image to circumvent the BitLocker Device Encryption feature on the system storage device and thereby gain access to any data encrypted with BitLocker. The bypass can be triggered at any point during reset or recovery operations.
A fix for CVE-2022-41099 is available on Microsoft’s website. Despite its severity, the BitLocker Security Feature Bypass vulnerability has one major limitation: the threat actor must physically interact with the machine in order to trigger it. Furthermore, per Microsoft’s advisory, the defect appears to be contained in the Windows Recovery Environment rather than in the running operating system.
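A defender-side check for the two preconditions described above, a BitLocker-protected system volume and an enabled Windows Recovery Environment, as an added PowerShell example that is not from the original post or from Microsoft. It assumes an elevated session on Windows 10/11 with the BitLocker PowerShell module available, and it parses the text that `reagentc.exe /info` prints on English-language installs:

```powershell
# Added example, not code from the Heimdal post or from Microsoft.
# Reports whether a host has the preconditions the CVE-2022-41099 write-up
# describes: a BitLocker-protected system volume and an enabled Windows
# Recovery Environment. Run in an elevated session; assumes the BitLocker
# PowerShell module (Get-BitLockerVolume) and reagentc.exe are available.

function Get-WinReBitLockerExposure {
    [CmdletBinding()]
    param()

    # 1. BitLocker state of the OS volume. ProtectionStatus 'On' means the
    #    volume is encrypted and its key protectors are active.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $bitLockerOn = ($os.ProtectionStatus -eq 'On')
    $protectors  = ($os.KeyProtector | ForEach-Object KeyProtectorType) -join ', '

    # 2. WinRE state. There is no cmdlet for reagentc, so parse its text output.
    #    The labels below are the ones reagentc /info prints on English
    #    Windows 10/11 builds; localized installs print different labels.
    $reText   = (& reagentc.exe /info 2>&1) -join "`n"
    $reStatus = [regex]::Match($reText, 'Windows RE status:\s+(\w+)').Groups[1].Value
    $reWhere  = [regex]::Match($reText, 'Windows RE location:\s+(\S+)').Groups[1].Value
    $winReOn  = ($reStatus -eq 'Enabled')

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        BitLockerProtection = $os.ProtectionStatus
        KeyProtectors       = $protectors
        WinReStatus         = $reStatus
        WinReLocation       = $reWhere
        # Both conditions present: this host's WinRE image still has to be
        # confirmed as updated per Microsoft's guidance for CVE-2022-41099.
        NeedsWinReReview    = ($bitLockerOn -and $winReOn)
    }
}

Get-WinReBitLockerExposure | Format-List
```

The script only tells you where the preconditions hold. Whether the recovery image itself already carries the fix has to be verified against Microsoft’s advisory for CVE-2022-41099, because the defect sits in the Windows Recovery Environment rather than in the running OS, so patching the OS alone is not what the check above measures. On non-English installs, adjust the two regular expressions to the localized labels.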
The second item on the list is CVE-2023-21680, a Windows Win32k Elevation of Privilege vulnerability. By exploiting the Win32k bug, an attacker can potentially gain SYSTEM-level privileges. The good news is that this vulnerability cannot be exploited remotely. An official fix for CVE-2023-21680 has been made available.
The last entry on our January highlights list is CVE-2023-21551, a Microsoft Cryptographic Services Elevation of Privilege vulnerability. By leveraging a defect in Windows’ Cryptographic Services, an attacker could easily gain SYSTEM privileges on the victim’s machine. The vulnerability has been marked as fixed, with a patch available on Microsoft’s official website.
January’s honorable mentions list includes CVE-2023-21675 (i.e., Windows Kernel Elevation of Privilege vulnerability), CVE-2023-21527 (i.e., Windows iSCSI Service Denial of Service vulnerability), CVE-2023-21764 (i.e., Microsoft Exchange Server Elevation of Privilege vulnerability), and CVE-2023-21758 (i.e., Windows Internet Key Exchange Extension Denial of Service vulnerability). The full list of (patched) vulnerabilities can be found below.
CVE Number | CVE Title |
---|---|
CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21779 | Visual Studio Code Remote Code Execution |
CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability |
CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability |
CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability |
CVE-2023-21525 | Remote Procedure Call Runtime Denial of Service Vulnerability |
CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability |
CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability |
CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability |
CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability |
CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability |
CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability |
CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability |
CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability |
CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability |
CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability |
CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability |
CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability |
CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability |
CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability |
CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability |
CVE-2023-21725 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability |
CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability |
CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability |
CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability |
CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability |
CVE-2023-21559 | Windows Cryptographic Information Disclosure Vulnerability |
CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability |
CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability |
CVE-2023-21549 | Windows SMB Witness Service Elevation of Privilege Vulnerability |
CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability |
CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability |
CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability |
CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability |
CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability |
CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability |
CVE-2023-21538 | .NET Denial of Service Vulnerability |
CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability |
CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
Wrap-Up & Additional Cybersecurity Advice
This concludes the January edition of Heimdal®’s Patch Tuesday series. Stay tuned for more awesome, patch-related content. In the meantime, here are a couple of things you can try out in order to enhance the security of your endpoints.
- Automatic patching. Smaller organizations tend to rely on manual patching in order to deploy all relevant improvement-carrying packages. However, things change once you’re in the shoes of an IT admin catering to the needs of hundreds of users. The best way around this issue is, of course, automatic patching. If configured correctly, an automatic patching solution can ensure timely (and correct) deployment and a low risk of incompatibility. Heimdal®’s Patch & Asset Management can help you distribute your patches quickly, regardless of whether they are OS-specific, 3rd party, proprietary, or UX/UI-oriented.
- Paper trail. If you’re managing a team, consider drafting up a list of patching protocols. Include dates, times, operating systems, tests, and everything else you can think of. Don’t forget to write down any modifications made to the software.
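Both items above, confirming that patches actually landed and keeping a record of it, can be folded into one audit step. The following PowerShell is an added example, not Heimdal’s product or code from the post; it assumes the auditing account can query the target hosts with `Get-HotFix` (WMI/DCOM access), uses the January 2023 Patch Tuesday date (2023-01-10) as the compliance threshold, and writes the result to a CSV as the “paper trail”:

```powershell
# Added example, not Heimdal's product or code from the post.
# Checks a list of endpoints for an update installed on or after the
# January 2023 Patch Tuesday (2023-01-10) and records the outcome as CSV.
# Assumes Get-HotFix can reach each host (WMI/DCOM); hosts that cannot be
# queried are reported as non-compliant with the error message kept.

function Test-PatchCompliance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [datetime] $PatchTuesday = [datetime]'2023-01-10',
        [string] $ReportPath = "$env:TEMP\patch-audit-$(Get-Date -Format yyyyMMdd).csv"
    )

    $rows = foreach ($pc in $ComputerName) {
        try {
            # Get-HotFix lists Win32_QuickFixEngineering entries; some have no
            # InstalledOn date, so those are ignored when picking the latest.
            $latest = Get-HotFix -ComputerName $pc -ErrorAction Stop |
                Where-Object InstalledOn |
                Sort-Object InstalledOn -Descending |
                Select-Object -First 1

            [pscustomobject]@{
                Computer    = $pc
                LatestKB    = $latest.HotFixID
                InstalledOn = $latest.InstalledOn
                Compliant   = ($null -ne $latest -and $latest.InstalledOn -ge $PatchTuesday)
                Error       = $null
                CheckedAt   = Get-Date
            }
        }
        catch {
            [pscustomobject]@{
                Computer    = $pc
                LatestKB    = $null
                InstalledOn = $null
                Compliant   = $false
                Error       = $_.Exception.Message
                CheckedAt   = Get-Date
            }
        }
    }

    # The CSV is the paper trail: one row per host, per audit run.
    $rows | Export-Csv -Path $ReportPath -NoTypeInformation
    Write-Verbose "Report written to $ReportPath"
    $rows
}

# Constructed host list for illustration; replace with your own inventory.
Test-PatchCompliance -ComputerName 'localhost', 'WS-PLACEHOLDER-01' -Verbose |
    Format-Table -AutoSize
```

`Get-HotFix` only reports QFE-style updates, so a host can show an older date even when other servicing (for example Defender definition updates) has run; treat a non-compliant row as a prompt to inspect the host, not as proof it is unpatched. Keep each run’s CSV alongside the dates, operating systems, and test notes the paper-trail item asks for.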
Additional resources: