Patch Tuesday Review – February 2023

Patch Tuesday Image blog

Welcome to our summary of the first Patch Tuesday of the year (January 2023). We have tabulated the vulnerabilities that the latest patches from Microsoft, so that you can easily export them for use in your vulnerability management program.

Prism users have already benefited from the platform’s Active Exploit Detection, which automatically alerts you to active exploits affecting issues within your estate.

Microsoft Patch Tuesday January 2023

Microsoft’s January 2023 Patch Tuesday announces fixes for 98 issues, including an actively exploited zero-day vulnerability. Prism has already alerted users whose estates contain these active exploits.

11 of the 98 vulnerabilities are Critical, due to the fact that they allow remote code execution, bypass security features, or allow escalation of privileges.

This update contains 39 Elevation of Privilege Vulnerabilities, 4 Security Feature Bypass Vulnerabilities, 33 Remote Code Execution Vulnerabilities, 10 Information Disclosure Vulnerabilities, 10 Denial of Service Vulnerabilities, and 2 Spoofing Vulnerabilities.

One actively exploited zero-day fixed

The actively exploited and publicly disclosed zero-day vulnerability fixed in today’s updates are:

  • CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

This is a Sandbox escape vulnerability that can lead to the elevation of privileges. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Generated by wpDataTables


source https://www.rootshellsecurity.net/patch-tuesday-review-february-2023/

Comments