Microsoft Releases January 2023 Security Updates

Jan 12, 2023 GMT+08:00

I. Overview

Microsoft has released its January 2023 Security Updates. A total of 98 security vulnerabilities have been disclosed, among which 11 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and leak sensitive information. The affected applications include Microsoft Windows, Microsoft Office, Microsoft SharePoint, and Microsoft Exchange.

For details, visit the Microsoft official website:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2023-Jan

The following vulnerabilities have been exploited by attackers:

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (CVE-2023-21674): A 0-day vulnerability that allows local attackers to elevate permissions during Chromium sandbox code execution. It has been exploited in the wild, and the risk is high.

Windows SMB Witness Service Elevation of Privilege Vulnerability (CVE-2023-21549): To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host. This could result in elevation of privilege on the server. The details of this vulnerability have been disclosed and the risk is high.

8 vulnerabilities (including CVE-2023-21745 and CVE-2023-21768) are officially marked as Exploitation More Likely. For details, see the official announcement. Perform a security self-check and apply security hardening promptly to reduce attack risks.

II. Severity

Severity: important

(Severity levels: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Microsoft SharePoint and Microsoft Exchange.

IV. Vulnerability Details

| CVE ID | Vulnerability | Severity | Description |
| --- | --- | --- | --- |
| CVE-2023-21546, CVE-2023-21543, CVE-2023-21556, CVE-2023-21555, CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Important | An unauthenticated attacker could send a specially crafted connection request to the RAS server to execute arbitrary code on the RAS server. |
| CVE-2023-21551, CVE-2023-21730, CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important | A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM. |
| CVE-2023-21548, CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Important | To exploit this vulnerability, a remote attacker could send specially crafted SSTP packets to the SSTP server to enable remote code execution on the target system. |
| CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Important | An unauthenticated remote attacker can exploit this vulnerability to establish anonymous connections to the target SharePoint server to bypass security checks. |

(Note: The vulnerabilities listed above are the important ones. For more information, refer to the official Microsoft website.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.