Microsoft has resolved in excess of 100 widespread vulnerabilities and exposures (CVE) in the first Patch Tuesday of 2023.
Of the 101 CVEs fixed, 98 were new when a few ended up revised from November and December 2022 patches.
The the greater part of CVEs relate to Windows OS updates, that means this place must be a significant precedence for security teams this month.
One particular of the vulnerabilities was assigned Critical standing, CVE-2023-21743. This is a distant authentication bypass, and remediation involves supplemental admin motion subsequent the installation of the SharePoint Server security update. Attackers are capable to exploit the vulnerability without the need of any person interaction, which is why Microsoft assigned it as Critical.
An additional high priority for security teams is an actively exploited zero-day vulnerability, CVE-2023-21674. This could empower a browser sandbox escape and give hackers with Procedure privileges.
Saeed Abbasi, supervisor of vulnerability and risk study at Qualys, observed: “Vulnerabilities of this nature are usually leveraged in tandem with malware or ransomware shipping.”
Microsoft has also resolved a publicly disclosed vulnerability, CVE-2023-21549, in Windows SMB Witness Services in this month’s update. To exploit this vulnerability, an attacker could execute a specially crafted destructive script which executes an RPC simply call to an RPC host. This could final result in elevation of privilege on the server.
This vulnerability requires urgent motion, with Chris Goettl, VP of security products at Ivanti commenting: “Public disclosure implies more than enough information about this vulnerability has been disclosed publicly giving attackers a head start on reverse engineering the vulnerability to endeavor to exploit it.”
The vulnerabilities CVE-2023-21763 and CVE-2023-21764 had been also notable inclusions in January’s Patch Tuesday. These Microsoft Trade Server flaws could allow for an attacker to elevate their privileges owing to a failure to patch a preceding vulnerability (CVE-2022-41123) effectively, and achieve Process privileges. Abbasi claimed: “Both SharePoint and Trade are critical tools that several corporations use to collaborate and total each day responsibilities – earning these vulnerabilities extremely appealing in the eyes of an attacker.”
Microsoft also issued steerage for Exchange shoppers concerning ProxyNotShell OWASSRF exploits. It read through: “At some point a vendor does want to move past a solution as the price tag of absolutely revamping explained alternative to meet up with much more contemporary use scenarios and desires becomes extremely tricky. Exchange Server is a superior instance of the dangers of keeping onto a technology also very long. Security researchers have stressed some basic hazards with jogging Exchange Server.”
The business additional: “To thoroughly assess this risk, you should believe you are competing with the concerted initiatives of incredibly educated adversaries. If you have not accounted for this in your risk assessment, possibilities are your corporation is continuing to run Exchange Server underneath wrong assumptions.”
Some elements of this write-up are sourced from: