Yesterday was Patch Tuesday, so it’s about time for Microsoft to send out a new round of updates and improvements for Windows 10the operating system that the company will continue to support until 2025 and the new Windows 11.
This security update of Microsoft in 2023 contains patches for exactly 98 vulnerabilities, including one that attackers are actively exploiting and another that is in the public domain but has not yet been exploited. With this they affirm that we start the year totally free of failures in Windows operating systems.
Highlight that Microsoft qualified 11 of the vulnerabilities disclosed as “critical” in severity, meaning organizations need to prioritize these for resolving, and he rated the remaining 87 as “Important,” a rating the company uses to describe vulnerabilities that, if exploited, could prove quite damaging.
Several of the vulnerabilities that the update security of January 2023 has been resolved, they affected products that are prime targets of attackers. Five of them, for example, affect Microsoft Exchange Server and three are or were in SharePoint.
Microsoft starts 2023 by fixing up to 98 vulnerabilities in Windows 10 and 11
Regarding Windows 10, note that Microsoft’s Tuesday patch includes the following updates:
Windows 10 Version 1507 – KB5022297 (OS Build 10240.19685) Windows 10 Version 1607 – KB5022289 (OS Build 14393.5648) Windows 10 Version 1703 – EOS Windows 10 Version 1709 – EOS Windows 10 Version 1803 – EOS Windows 10 Version 1809 – KB5022 3876 (OS Build 14393.5648) ) Windows 10 version 1903 – EOS Windows 10 version 1909 – EOS Windows 10 version 2004 – EOS Windows 10 version 20H2, 21H1, 21H2, and 22H2 – KB5022282 (OS Builds 19042.2486, 19044.2486, and 19045.2486)
As always happens, the company provides little or no information about these issues to prevent attackers from taking advantage of the situation. However, they do advise that we update our operating systems if the opportunity arises to avoid any vulnerability in our device.
Secondly, one of the high-priority vulnerabilities in the January 2023 update CVE-2023-21674 is a bug exploited in Windows ALPC. According to Microsoft, this zero-day vulnerability affects all versions of Windows OS (including the latest Windows 11) and could allow an attacker to gain system-level privileges (received a CVSS rating of 8.8).
Finally, note that two of the 25 bugs reported by ZDI, and patched by Microsoft this month, were elevation of privilege vulnerabilities in Exchange Server (CVE-2023-21763 and CVE-2023-21764), The result of a failed patch logged as CVE-2022-41123.
“The volume is definitely concerning, especially given the Exchange patches and SharePoint updates,” says Dustin Childs, communications manager for Trend Micro’s Zero Day Initiative (ZDI), which has reported 25 of the bugs. which Microsoft has fixed.
“These are common targets, and targets that often don’t get patched,” he says. “There are also updates put out by the National Security Agency and the Canadian Communications Security Establishment. That may raise an eyebrow or two,” she adds.
Regarding the recommended actions, Microsoft recommends that all customers install the latest Windows updates. and make sure your antivirus is up to date and enabled to prevent these attacks.