Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

The first Microsoft Patch Tuesday of 2023 is an important one to start of the year with. In total 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild.

This is also the last time we expect to see fixes for Windows 8.1 included, since the support for Windows 8.1 ended January 10, 2023.

ALPC

Let’s start with the vulnerability that was found to be actively exploited in the wild. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The actively exploited vulnerability is listed as CVE-2023-21674.

The flaw is an Elevation of Privilege  (EoP) vulnerability in the Windows Advanced Local Procedure Call (ALPC). ALPC is an inter-process communication (IPC) facility provided by the Microsoft Windows kernel. The ALPC is an ideal attack surface for EoP vulnerabilities since it helps client processes communicate with server processes. So a vulnerability in this facility could be used to give a malicious client process the permissions of a service process, which are often SYSTEM privileges.

An EoP vulnerability by itself is not always of much use to an attacker, unless they can use the gained privileges to further compromise the target system. So it is likely that is has been spotted in the wild in combination or in a chain with other vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its catalog of actively exploited vulnerabilities, urging federal agencies to apply patches by January 31, 2023.

SharePoint Server

Another vulnerability that deserves your immediate attention if you’re a Microsoft SharePoint Server user, is listed as CVE-2023-21743—a SharePoint Server security feature bypass vulnerability. In a network-based attack, an unauthenticated attacker could bypass authentication and make an anonymous connection. According to Microsofts’ description, exploitation is more likely and exploitation requires no user interaction.

It is very important to note that users have to trigger a SharePoint upgrade action, which is included in this update, to protect their SharePoint farm. The upgrade action can be triggered by running the SharePoint Products Configuration Wizard, the Upgrade-SPFarm PowerShell cmdlet, or the “psconfig.exe -cmd upgrade -inplace b2b” command on each SharePoint server after installing the update.

BitLocker

Another interesting one, albeit only for those that use BitLocker, is CVE-2023-21563, a BitLocker security feature bypass vulnerability. BitLocker is a Windows volume encryption technology that protects your data from unauthorized access by encrypting your drive. Many travellers and remote workers trust BitLocker to keep sensitive data safe from prying eyes in case a laptop is lost or stolen. This flaw allows a successful attacker to bypass the BitLocker Device Encryption feature on the system storage device. Which means an attacker with physical access to the target system could exploit this vulnerability to gain access to encrypted data.

Other updates

Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.

Adobe released four patches to fix vulnerabilities in Acrobat and Reader, InDesign, InCopy, and Dimension software.

Cisco released security updates for its IP Phone 7800 and 8800 phones.

Fortinet published its monthly advisory covering issues in several of their products.

Google patched 60 vulnerabilities in the first Android update of 2023

Intel published a oneAPI Toolkit software advisory.

SAP published 12 new and updated patches.

Synology issued an advisory about a vulnerability that allows remote attackers to execute arbitrary commands through a susceptible version of VPN Plus Server.