On the first Patch Tuesday of the year, Microsoft released patches for 98 different vulnerabilities, including one 0-day issue that hackers are already exploiting.
The first 0-day bug this year received the identifier CVE-2023-21674 (8.8 points on the CVSS scale) and was identified by experts from the Avast antivirus company. It is known to have been used by attackers in real attacks to elevate privileges to the SYSTEM level and escape from the browser sandbox.
Let me remind you that we also wrote that Microsoft Told about a Bug in MacOS that Allowed to Bypass Gatekeeper, and also that Microsoft December Updates Break the Creation of Virtual Machines in Hyper-V.
Let me also remind you that the media reported that Another 0-Day Bug Was Found in Microsoft Exchange, and LockBit Ransomware Operators Are Exploiting It.
Unfortunately, Microsoft traditionally does not provide any details about the exploitation of the vulnerability and the attacks themselves: so far, the company has not even published indicators of compromise or any other information that could help information security specialists detect signs of compromise.
Microsoft also paid special attention to the CVE-2023-21549 issue related to privilege escalation in the Windows SMB Witness Service. The company warned that the technical details of this vulnerability were disclosed publicly even before the release of the patch. Interestingly, the Akamai specialists who discovered this bug deny this.
To exploit this vulnerability, an attacker could execute a malicious script that makes an RPC call to the RPC host. As a result, this can lead to privilege escalation on the server.
Other interesting vulnerabilities include CVE-2023-21743, a security bypass bug in Microsoft SharePoint Server. The developers believe that this vulnerability is most likely to be exploited by hackers, and note that it could allow an unauthenticated attacker to establish an anonymous connection.
In addition to Microsoft, other companies released updates for their products this week:
- Adobe has released fixes for 29 vulnerabilities in products such as Acrobat and Reader, InDesign, InCopy, and Dimension. None of the vulnerabilities were exploited by hackers.
- SAP has released 12 new and updated patches. It turned out that the Capture-Replay vulnerability in the trusted-trusting architecture of RFC and HTTP scripts allows attackers to gain illegal access to SAP systems.
- Cisco has released updates for the Cisco IP Phone 7800 and 8800 affected by the 0-day vulnerability.
- Citrix has released security updates for Cisco Identity Services.
- Intel has provided a patch for a serious bug in oneAPI Toolkits that allowed privilege escalation and has been identified as CVE-2022-4019.
- Android received fixes for more than 50 issues in January, but none of the bugs were exploited by hackers.