Microsoft fixed 98 vulnerabilities on Tuesday, January Patch Tuesday 2023, which included a , that was actively exploited, as well as a few other flaws.
This Patch Tuesday 2023 . It covers fixes for 98 vulnerabilities. 11 of these are rated as ‘Critical’, which means they have the most severe class of vulnerability.
Microsoft took into account that attackers can use the vulnerability to gain the following illicit capabilities to determine the severity of the threat.
- Remote Code Execution (RCE)
- Security features that bypass security
- You can use higher privilege levels
This release contains security updates for the following products and features:
- .NET Core
- 3D Builder
- Azure Service Fabric Container
- Microsoft Bluetooth Driver
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Local Security Authority Server – lsasrv
- Microsoft Message Queuing
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft WDAC OLE DB provider for SQL
- Visual Studio Code
- Windows ALPC
- WinSock Ancillary Function Driver for Windows
- Windows Authentication Methods
- Windows Backup Engine
- Driver Windows Bind Filter
- Windows BitLocker
- Windows Boot Manager
- Windows Credential Manager
- Windows Cryptographic Services
- Windows DWM Core Library
- Windows Error Reporting
- Windows Event Tracing
- Windows IKE Extension
- Windows Installer
- Protocol for Windows Internet Key Exchange (IKE).
- Windows iSCSI
- Windows Kernel
- Windows Layer 2 Tunneling Protocol
- Windows LDAP – Lightweight Directory Access Protocol
- Windows Local Security Authority, (LSA).
- Windows Local Session Manager, (LSM).
- Windows Malicious Software Removal Software
- Windows Management Instrumentation
- Windows MSCryptDImportKey
- Windows NTLM
- Windows ODBC Driver
- Windows Overlay Filter
- Windows Point-to-Point Tunneling Protocol
- Windows Print Spooler Parts
- Windows Remote Access Service (L2TP) Driver
- Windows RPC API
- Windows Secure Socket Tunneling Protocol (SSTP)
- Windows Smart Card
- Windows Task Scheduler
- Windows Virtual Registry Provider
- Windows Workstation Service
Flaws Detected
Here’s a listing of all the bugs that fit into each vulnerability category:
- Elevation Of Privilege Vulnerabilities 39
- Security Bypass Vulnerabilities – 4
- Remote Code Execution Vulnerabilities: 33
- Information Disclosure Vulnerabilities: 10
- 10. Denial of service vulnerability
- Spoofing Vulnerabilities: 2
Below are the details of all flaws that were found and how they can be fixed:
Other Companies Release
Several vendors released updated versions of their products as of January 20, 2023:
- Adobe
- AMD
- Android
- Cisco
- Citrix
- Dell
- F5
- Fortinet
- GitLab
- Google Chrome
- HP
- IBM
- Intel
- Juniper Networks
- Lenovo
- Linux distributions: Debian, Oracle Linux Red Hat, Red Hat and SUSE.
- MediaTek
- Qualcomm
- SAP
- Schneider Electric
- Siemens
- Synology
- Zoom
- Zyxel
Microsoft states that the Extended Security Update program (ESU), for Windows 8.1, will no longer be available as part of Windows 8.1’s upgrade program. Instead, users should upgrade to Windows 11.
Windows 8.1 could pose a risk for organizations if continued use is allowed after January 10, 2023.
Network Security Checklist . Free E-Book