
- 06/2023
- Critical
Microsoft has released its monthly set of security updates, known as Patch Tuesday. This release includes a fix for an actively exploited zero-day vulnerability.
Microsoft has fixed 98 vulnerabilities, 11 of which are classified as critical because they allow remote code execution, security feature bypass, or elevation of privilege.
January's Patch Tuesday addresses security flaws in products including .NET Framework, Azure, Exchange Server, Microsoft Local Security Authority Server (lsasrv), Windows ALPC, Windows BitLocker, Windows Boot Manager, Windows Credential Manager, Windows Event Tracing, Windows Installer, Windows Internet Key Exchange (IKE) Protocol, Windows Kernel, Windows Lightweight Directory Access Protocol (LDAP), Windows Local Security Authority (LSA), Windows Local Session Manager (LSM), Windows Malicious Software Removal Tool, Windows NTLM, and Windows Secure Socket Tunneling Protocol (SSTP).
The actively exploited zero-day (CVE-2023-21674) is an elevation of privilege vulnerability caused by a flaw in the Advanced Local Procedure Call (ALPC) component. It is a local vulnerability: an attacker who can already run code on the vulnerable system can execute a specially crafted program to obtain SYSTEM privileges. Because it does not provide initial access on its own, it is the kind of bug that is chained after a foothold has been gained.
Samples of the addressed vulnerabilities:
1. Microsoft Windows Workstation Service Privilege Escalation Vulnerability (CVE-2023-21549):
• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Consequences: Gain Privilege
2. Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability (CVE-2023-21535):
• CVSS: 8.1
• Attack Vector: Network
• Attack Complexity: High
• Privileges Required: None
• User Interaction: None
• Consequences: Gain Access
Indicators of Compromise
Indicators of compromise will be shared with EG-FinCIRT's constituents.
Mitigations
The enterprise should deploy the January security updates as soon as the testing phase is completed, prioritizing systems exposed to the actively exploited CVE-2023-21674, and verify installation across the fleet through patch-management reporting rather than relying on deployment alone.