First Patch Tuesday of the year explodes with in-the-wild exploit fix

Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023, including one that’s already been exploited and another listed as publicly known. Of the new January vulnerabilities, 11 are rated critical because they lead to remote code execution.

The bug that’s under exploit, tracked as CVE-2023-21674, is an Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability that received an 8.8 CVSS rating.

Redmond, per usual, provides scant details about the security hole and zero details about how miscreants are abusing the vulnerability. It does note that it could allow a local attacker to escalate privileges all the way up to SYSTEM level.

“Bugs of this type are often paired with some form of code execution to deliver malware or ransomware,” according to the Zero Day Initiative’s Dustin Childs. “Considering this was reported to Microsoft by researchers from Avast, that scenario seems likely here.”

CVE-2023-21549, another elevation of privilege vulnerability, this one in Windows SMB Witness Service, also received an 8.8 severity score and is listed as publicly known. 

“To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host,” according to the security alert. 

This could allow the attacker to escalate privileges, and then execute RPC functions that can only be sent by privileged accounts.

So many steps

Some of the other more interesting vulnerabilities, according to security researchers, include CVE-2023-21743, a security feature bypass bug in Microsoft SharePoint Server. Redmond
