Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Breakdown of a Phishing Attack: Dissecting the Uber and MailChimp Data Breaches Before and After the Inbox

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

January, 2023: Patch Tuesday - One Zero Day, Eleven Critical Updates

Welcome to my January Patch Tuesday newsletter. We are starting off 2023 with a large quantity of patches. There are 103 vulnerabilities being addressed this month with 11 of them being rated as critical (bold in the chart below). There is one zero-day being address, CVE-2023-21549, highlighted in yellow below. Microsoft reports that exploiting this vulnerability could allow an attacker to execute RPC functions that are restricted to privileged accounts. Despite the existance of various reports online that this shouldn't be listed as publicly disclosed we do hope you make sure this one gets patched. There is also one vulnerability being actively exploited, CVE-2023-21674, highlighted in yellow below. This vulnerability could allow an attacker to gain SYSTEM privileges. The details of this exploit are not public but since it is currently being exploited then you can be sure more attacks are soon to come.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 7 SP1, 8.1, RT 8.1, 10, 11 Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations	Critical	CVE-2023-21524 CVE-2023-21525 CVE-2023-21527 CVE-2023-21532 CVE-2023-21535 CVE-2023-21536 CVE-2023-21537 CVE-2023-21539 CVE-2023-21540 CVE-2023-21541 CVE-2023-21542 CVE-2023-21543 CVE-2023-21546 CVE-2023-21547 CVE-2023-21548 CVE-2023-21549 CVE-2023-21550 CVE-2023-21551 CVE-2023-21552 CVE-2023-21555 CVE-2023-21556 CVE-2023-21557 CVE-2023-21558 CVE-2023-21559 CVE-2023-21560 CVE-2023-21561 CVE-2023-21563 CVE-2023-21674 CVE-2023-21675 CVE-2023-21676 CVE-2023-21677 CVE-2023-21678 CVE-2023-21679 CVE-2023-21680 CVE-2023-21681 CVE-2023-21682 CVE-2023-21683 CVE-2023-21724 CVE-2023-21726 CVE-2023-21728 CVE-2023-21730 CVE-2023-21732 CVE-2023-21733 CVE-2023-21739 CVE-2023-21746 CVE-2023-21747 CVE-2023-21748 CVE-2023-21749 CVE-2023-21750 CVE-2023-21752 CVE-2023-21753 CVE-2023-21754 CVE-2023-21755 CVE-2023-21757 CVE-2023-21758 CVE-2023-21759 CVE-2023-21760 CVE-2023-21765 CVE-2023-21766 CVE-2023-21767 CVE-2023-21768 CVE-2023-21771 CVE-2023-21772 CVE-2023-21773 CVE-2023-21774 CVE-2023-21776	Workaround: No Exploited: Yes Public: Yes	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass
Edge	Chromium-based	Important	CVE-2022-4436 CVE-2022-4437 CVE-2022-4438 CVE-2022-4439 CVE-2022-4440	Workaround: No Exploited: No Public: No	Non provided by MS
Office	365 Apps for Enterprise Office 2019, LTSC 2021 2019 for Mac, LTSC Mac 2021 Visio 2013 SP1, 2016	Important	CVE-2023-21734 CVE-2023-21735 CVE-2023-21736 CVE-2023-21737 CVE-2023-21738 CVE-2023-21741	Workaround: No Exploited: No Public: No	Remote Code Execution Information Disclosure
SharePoint	Enterprise Server 2013 SP1, 2016 Foundation 2013 SP1 Server 2019 Server Subscription Edition	Critical	CVE-2023-21742 CVE-2023-21743 CVE-2023-21744	Workaround: No Exploited: No Public: No	Remote Code Execution Security Feature Bypass
Azure	Service Fabric 8.2, 9.0, 9.1	Important	CVE-2023-21531	Workaround: No Exploited: No Public: No	Elevation of Privilege
Visual Studio	Code	Important	CVE-2023-21779	Workaround: No Exploited: No Public: No	Remote Code Execution
.NET	6.0	Important	CVE-2023-21538	Workaround: No Exploited: No Public: No	Denial of Service
Apps	3D Builder	Important	CVE-2023-21780 CVE-2023-21781 CVE-2023-21782 CVE-2023-21783 CVE-2023-21784 CVE-2023-21785 CVE-2023-21786 CVE-2023-21787 CVE-2023-21788 CVE-2023-21789 CVE-2023-21790 CVE-2023-21791 CVE-2023-21792 CVE-2023-21793	Workaround: No Exploited: No Public: No	Remote Code Execution
System Center	Windows Malicious Software Removal Tool	Important	CVE-2023-21725	Workaround: No Exploited: No Public: No	Elevation of Privilege
Exchange	Server 2013 CU23 Server 2016 CU 23 Server 2019 CU 11, 12	Important	CVE-2023-21745 CVE-2023-21761 CVE-2023-21762 CVE-2023-21763 CVE-2023-21764	Workaround: No Exploited: No Public: No	Elevation of Privilege Spoofing Information Disclosure

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

January 2023 Patch Monday	"Patch Tuesday - One Zero Day, Eleven Critical Updates "

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2023 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.