Today’s VERT Alert addresses Microsoft’s January 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1037 on Wednesday, January 11th.
In-The-Wild & Disclosed CVEs
CVE-2023-21549
A vulnerability in the SMB Witness Service was reported by two Akamai researchers, Stiv Kupchik and Ophir Harpaz. The vulnerability allows for a privilege elevation on a server by executing a malicious RPC call, allowing the attacker access to RPC functions normally restricted to privileged accounts. Akamai has been performing a lot of RPC research over the past year and you can follow along with their research on GitHub.
CVE-2023-21674
A local privilege escalation vulnerability allows attackers to gain SYSTEM-level access via Windows Advanced Local Procedure Call (ALPC). The vulnerability was reported by researchers from Avast and has seen public exploitation. One note from Microsoft is that the vulnerability could allow the attacker to escape a browser sandbox.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows IKE Extension | 3 | CVE-2023-21677, CVE-2023-21683, CVE-2023-21758 |
| Windows Management Instrumentation | 1 | CVE-2023-21754 |
| Windows Secure Socket Tunneling Protocol (SSTP) | 2 | CVE-2023-21535, CVE-2023-21548 |
| Windows RPC API | 1 | CVE-2023-21525 |
| Windows Error Reporting | 1 | CVE-2023-21558 |
| Windows NTLM | 1 | CVE-2023-21746 |
| Microsoft Local Security Authority Server (lsasrv) | 1 | CVE-2023-21728 |
| Windows Cryptographic Services | 6 | CVE-2023-21540, CVE-2023-21550, CVE-2023-21551, CVE-2023-21559, CVE-2023-21561, CVE-2023-21730 |
| Windows Local Session Manager (LSM) | 1 | CVE-2023-21771 |
| Windows Installer | 1 | CVE-2023-21542 |
| Windows Internet Key Exchange (IKE) Protocol | 1 | CVE-2023-21547 |
| Windows Ancillary Function Driver for WinSock | 1 | CVE-2023-21768 |
| Microsoft Bluetooth Driver | 1 | CVE-2023-21739 |
| Visual Studio Code | 1 | CVE-2023-21779 |
| Microsoft Office SharePoint | 3 | CVE-2023-21742, CVE-2023-21743, CVE-2023-21744 |
| Microsoft Office Visio | 4 | CVE-2023-21736, CVE-2023-21737, CVE-2023-21738, CVE-2023-21741 |
| 3D Builder | 14 | CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21784, CVE-2023-21786, CVE-2023-21791, CVE-2023-21793, CVE-2023-21783, CVE-2023-21785, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21792 |
| Windows Task Scheduler | 1 | CVE-2023-21541 |
| Microsoft Graphics Component | 3 | CVE-2023-21532, CVE-2023-21552, CVE-2023-21680 |
| Windows Event Tracing | 1 | CVE-2023-21536 |
| Azure Service Fabric Container | 1 | CVE-2023-21531 |
| Windows Kernel | 2 | CVE-2023-21753, CVE-2023-21755 |
| Windows DWM Core Library | 1 | CVE-2023-21724 |
| Microsoft Exchange Server | 5 | CVE-2023-21761, CVE-2023-21762, CVE-2023-21763, CVE-2023-21764, CVE-2023-21745 |
| Windows Point-to-Point Tunneling Protocol | 1 | CVE-2023-21682 |
| Microsoft Office | 2 | CVE-2023-21734, CVE-2023-21735 |
| Windows ODBC Driver | 1 | CVE-2023-21732 |
| Windows Workstation Service | 1 | CVE-2023-21549 |
| Windows Bind Filter Driver | 1 | CVE-2023-21733 |
| Windows iSCSI | 1 | CVE-2023-21527 |
| Windows Local Security Authority (LSA) | 1 | CVE-2023-21524 |
| Windows Layer 2 Tunneling Protocol | 5 | CVE-2023-21546, CVE-2023-21543, CVE-2023-21555, CVE-2023-21556, CVE-2023-21679 |
| Windows Remote Access Service L2TP Driver | 1 | CVE-2023-21757 |
| Microsoft WDAC OLE DB provider for SQL | 1 | CVE-2023-21681 |
| Windows Overlay Filter | 2 | CVE-2023-21766, CVE-2023-21767 |
| Windows Malicious Software Removal Tool | 1 | CVE-2023-21725 |
| Windows Boot Manager | 1 | CVE-2023-21560 |
| Windows Backup Engine | 1 | CVE-2023-21752 |
| Windows Authentication Methods | 1 | CVE-2023-21539 |
| .NET Core | 1 | CVE-2023-21538 |
| Windows Virtual Registry Provider | 9 | CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774, CVE-2023-21776, CVE-2023-21675 |
| Microsoft Message Queuing | 1 | CVE-2023-21537 |
| Windows Print Spooler Components | 3 | CVE-2023-21678, CVE-2023-21760, CVE-2023-21765 |
| Windows Credential Manager | 1 | CVE-2023-21726 |
| Windows BitLocker | 1 | CVE-2023-21563 |
| Windows Smart Card | 1 | CVE-2023-21759 |
| Windows ALPC | 1 | CVE-2023-21674 |
| Windows LDAP - Lightweight Directory Access Protocol | 2 | CVE-2023-21557, CVE-2023-21676 |
Other Information
At the time of publication, there were no new advisories included with the January Security Guidance.