Webinar Library
Welcome to my January Patch Tuesday newsletter. We are starting off 2023 with a large quantity of patches. There are 103 vulnerabilities being addressed this month with 11 of them being rated as critical (bold in the chart below). There is one zero-day being address, CVE-2023-21549, highlighted in yellow below. Microsoft reports that exploiting this vulnerability could allow an attacker to execute RPC functions that are restricted to privileged accounts. Despite the existance of various reports online that this shouldn't be listed as publicly disclosed we do hope you make sure this one gets patched. There is also one vulnerability being actively exploited, CVE-2023-21674, highlighted in yellow below. This vulnerability could allow an attacker to gain SYSTEM privileges. The details of this exploit are not public but since it is currently being exploited then you can be sure more attacks are soon to come.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 7 SP1, 8.1, RT 8.1, 10, 11
Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations
Critical
CVE-2023-21524 CVE-2023-21525 CVE-2023-21527 CVE-2023-21532 CVE-2023-21535 CVE-2023-21536 CVE-2023-21537 CVE-2023-21539 CVE-2023-21540 CVE-2023-21541 CVE-2023-21542 CVE-2023-21543 CVE-2023-21546 CVE-2023-21547 CVE-2023-21548 CVE-2023-21549 CVE-2023-21550 CVE-2023-21551 CVE-2023-21552 CVE-2023-21555 CVE-2023-21556 CVE-2023-21557 CVE-2023-21558 CVE-2023-21559 CVE-2023-21560 CVE-2023-21561 CVE-2023-21563 CVE-2023-21674 CVE-2023-21675 CVE-2023-21676 CVE-2023-21677 CVE-2023-21678 CVE-2023-21679 CVE-2023-21680 CVE-2023-21681 CVE-2023-21682 CVE-2023-21683 CVE-2023-21724 CVE-2023-21726 CVE-2023-21728 CVE-2023-21730 CVE-2023-21732 CVE-2023-21733 CVE-2023-21739 CVE-2023-21746 CVE-2023-21747 CVE-2023-21748 CVE-2023-21749 CVE-2023-21750 CVE-2023-21752 CVE-2023-21753 CVE-2023-21754 CVE-2023-21755 CVE-2023-21757 CVE-2023-21758 CVE-2023-21759 CVE-2023-21760 CVE-2023-21765 CVE-2023-21766 CVE-2023-21767 CVE-2023-21768 CVE-2023-21771 CVE-2023-21772 CVE-2023-21773 CVE-2023-21774 CVE-2023-21776
Workaround: No Exploited: Yes Public: Yes
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Feature Bypass
Edge
Chromium-based
Important
CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439 CVE-2022-4440
Workaround: No Exploited: No Public: No
Non provided by MS
Office
365 Apps for Enterprise
Office 2019, LTSC 2021
2019 for Mac, LTSC Mac 2021 Visio 2013 SP1, 2016
CVE-2023-21734 CVE-2023-21735 CVE-2023-21736 CVE-2023-21737 CVE-2023-21738 CVE-2023-21741
Remote Code Execution Information Disclosure
SharePoint
Enterprise Server 2013 SP1, 2016
Foundation 2013 SP1
Server 2019
Server Subscription Edition
CVE-2023-21742 CVE-2023-21743 CVE-2023-21744
Remote Code Execution Security Feature Bypass
Azure
Service Fabric 8.2, 9.0, 9.1
CVE-2023-21531
Visual Studio
Code
CVE-2023-21779
.NET
6.0
CVE-2023-21538
Apps
3D Builder
CVE-2023-21780 CVE-2023-21781 CVE-2023-21782 CVE-2023-21783 CVE-2023-21784 CVE-2023-21785 CVE-2023-21786 CVE-2023-21787 CVE-2023-21788 CVE-2023-21789 CVE-2023-21790 CVE-2023-21791 CVE-2023-21792 CVE-2023-21793
System Center
Windows Malicious Software Removal Tool
CVE-2023-21725
Exchange
Server 2013 CU23 Server 2016 CU 23 Server 2019 CU 11, 12
CVE-2023-21745 CVE-2023-21761 CVE-2023-21762 CVE-2023-21763 CVE-2023-21764
Elevation of Privilege Spoofing Information Disclosure