• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Over 100 CVEs Addressed in First Patch Tuesday of 2023

You are here: Home / General Cyber Security News / Over 100 CVEs Addressed in First Patch Tuesday of 2023
January 11, 2023

Microsoft has resolved in excess of 100 widespread vulnerabilities and exposures (CVE) in the first Patch Tuesday of 2023.

Of the 101 CVEs fixed, 98 were new when a few ended up revised from November and December 2022 patches.

The the greater part of CVEs relate to Windows OS updates, that means this place must be a significant precedence for security teams this month.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


One particular of the vulnerabilities was assigned Critical standing, CVE-2023-21743. This is a distant authentication bypass, and remediation involves supplemental admin motion subsequent the installation of the SharePoint Server security update. Attackers are capable to exploit the vulnerability without the need of any person interaction, which is why Microsoft assigned it as Critical.

An additional high priority for security teams is an actively exploited zero-day vulnerability, CVE-2023-21674. This could empower a browser sandbox escape and give hackers with Procedure privileges.

Saeed Abbasi, supervisor of vulnerability and risk study at Qualys, observed: “Vulnerabilities of this nature are usually leveraged in tandem with malware or ransomware shipping.”

Microsoft has also resolved a publicly disclosed vulnerability, CVE-2023-21549, in Windows SMB Witness Services in this month’s update. To exploit this vulnerability, an attacker could execute a specially crafted destructive script which executes an RPC simply call to an RPC host. This could final result in elevation of privilege on the server.

This vulnerability requires urgent motion, with Chris Goettl, VP of security products at Ivanti commenting: “Public disclosure implies more than enough information about this vulnerability has been disclosed publicly giving attackers a head start on reverse engineering the vulnerability to endeavor to exploit it.”

The vulnerabilities CVE-2023-21763 and CVE-2023-21764 had been also notable inclusions in January’s Patch Tuesday. These Microsoft Trade Server flaws could allow for an attacker to elevate their privileges owing to a failure to patch a preceding vulnerability (CVE-2022-41123) effectively, and achieve Process privileges. Abbasi claimed: “Both SharePoint and Trade are critical tools that several corporations use to collaborate and total each day responsibilities – earning these vulnerabilities extremely appealing in the eyes of an attacker.”

Microsoft also issued steerage for Exchange shoppers concerning ProxyNotShell OWASSRF exploits. It read through: “At some point a vendor does want to move past a solution as the price tag of absolutely revamping explained alternative to meet up with much more contemporary use scenarios and desires becomes extremely tricky. Exchange Server is a superior instance of the dangers of keeping onto a technology also very long. Security researchers have stressed some basic hazards with jogging Exchange Server.”

The business additional: “To thoroughly assess this risk, you should believe you are competing with the concerted initiatives of incredibly educated adversaries. If you have not accounted for this in your risk assessment, possibilities are your corporation is continuing to run Exchange Server underneath wrong assumptions.”


Some elements of this write-up are sourced from:
www.infosecurity-magazine.com

Previous Post: «dark pink apt group targets governments and military in apac Dark Pink APT Group Targets Governments and Military in APAC Region

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Over 100 CVEs Addressed in First Patch Tuesday of 2023
  • Dark Pink APT Group Targets Governments and Military in APAC Region
  • Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
  • US Supreme Court Allows WhatsApp to Sue NSO Group
  • Researchers Find Security Flaw in JsonWebToken Library Used By 20,000+ Projects
  • StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users
  • GitHub Adds Features to Automate Vulnerability Code Scanning
  • Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App
  • Italian Users Warned of Malware Attack Targeting Sensitive Information
  • Cloud-delivered malware attacks almost tripled in 2022

Copyright © TheCyberSecurity.News, All Rights Reserved.