Microsoft has addressed over 100 common vulnerabilities and exposures (CVE) in the first Patch Tuesday of 2023.
Of the 101 CVEs resolved, 98 were new while three were revised from November and December 2022 patches.
The majority of CVEs relate to Windows OS updates, meaning this area should be a high priority for security teams this month.
One of the vulnerabilities was assigned Critical status, CVE-2023-21743. This is a remote authentication bypass, and remediation requires additional admin action following the installation of the SharePoint Server security update. Attackers are able to exploit the vulnerability without any user interaction, which is why Microsoft assigned it as Critical.
Another high priority for security teams is an actively exploited zero-day vulnerability, CVE-2023-21674. This could enable a browser sandbox escape and provide hackers with SYSTEM privileges.
Saeed Abbasi, manager of vulnerability and threat research at Qualys, noted: “Vulnerabilities of this nature are frequently leveraged in tandem with malware or ransomware delivery.”
Microsoft has also resolved a publicly disclosed vulnerability, CVE-2023-21549, in Windows SMB Witness Service in this month’s update. To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server.
This vulnerability requires urgent action, with Chris Goettl, VP of security products at Ivanti commenting: “Public disclosure means enough information regarding this vulnerability has been disclosed publicly giving attackers a head start on reverse engineering the vulnerability to attempt to exploit it.”
The vulnerabilities CVE-2023-21763 and CVE-2023-21764 were also notable inclusions in January’s Patch Tuesday. These Microsoft Exchange Server flaws could allow an attacker to elevate their privileges due to a failure to patch a previous vulnerability (CVE-2022-41123) properly, and gain SYSTEM privileges. Abbasi said: “Both SharePoint and Exchange are critical tools that many organizations use to collaborate and complete daily tasks – making these vulnerabilities extremely attractive in the eyes of an attacker.”
Microsoft also issued guidance for Exchange customers regarding ProxyNotShell OWASSRF exploits. It read: “At some point a vendor does need to move beyond a solution as the cost of completely revamping said solution to meet more modern use cases and needs becomes very difficult. Exchange Server is a good example of the dangers of holding onto a technology too long. Security researchers have stressed some fundamental risks with running Exchange Server.”
The firm added: “To properly assess this risk, you must assume you are competing with the concerted efforts of very knowledgeable adversaries. If you have not accounted for this in your risk assessment, chances are your organization is continuing to run Exchange Server under false assumptions.”