Microsoft has addressed over 100 Common Vulnerabilities and Exposures (CVEs) in its first Patch Tuesday of 2023.
Of the 101 resolved CVEs, 98 are new and 3 are updates to fixes first released with the November and December 2022 patches.
Most of the CVEs relate to Windows OS updates, so this area should be a high priority for your security team this month.
One of the vulnerabilities, CVE-2023-21743, has been rated Critical. It is a remote authentication bypass in SharePoint Server, and remediation requires additional administrator action after the SharePoint Server security update is installed. Microsoft rated it Critical because an attacker can exploit it without any user interaction.
Another key priority for security teams is the actively exploited zero-day vulnerability CVE-2023-21674. It could allow a browser sandbox escape, giving an attacker SYSTEM privileges.
Saeed Abbasi, Manager of Vulnerability and Threat Research at Qualys, said:
Microsoft also resolved the publicly disclosed Windows SMB Witness Service vulnerability CVE-2023-21549 in this month’s update. To exploit it, an attacker could run a specially crafted malicious script that makes specific RPC calls to an RPC host, which can lead to privilege escalation on the server.
“This vulnerability requires immediate attention,” commented Chris Goettl, vice president of security products at Ivanti.
Vulnerabilities CVE-2023-21763 and CVE-2023-21764 were also notable in the January Patch Tuesday release. These Microsoft Exchange Server flaws could allow an attacker to elevate privileges and gain SYSTEM privileges because a previous vulnerability (CVE-2022-41123) was not properly patched. Abbasi said:
Microsoft has also published guidance for Exchange customers on the ProxyNotShell OWASSRF exploit. “At some point, vendors will have to move beyond their solutions because the cost of completely revamping said solutions to meet more modern use cases and needs becomes prohibitive. Exchange Server is a good example of the dangers of keeping technology around for the long haul, and security researchers highlight some of the fundamental risks associated with running Exchange Server.”
The company added: “If your risk assessment does not take this into account, your organization may be continuing to run Exchange Server under the wrong assumptions.”