The first Microsoft Patch Tuesday of 2023 includes some rather important fixes

The first Patch Tuesday of 2023 is here, with Microsoft putting in quite the effort to start the year on a high note. 

In total, the Redmond software giant unveiled fixes for 98 security flaws, including publicly known vulnerabilities as well as those being abused in the wild.

Almost a dozen (11) have been rated “critical” as they allow threat actors to remotely execute malicious code.

Fixes to Microsoft Exchange servers

The flaw that hackers are currently exploiting is CVE-2023-21674, a Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability that allows threat actors to gain SYSTEM privileges. This one has a severity score of 8.8.

Another vulnerability with an 8.8 severity score is CVE-2023-21549, a Windows SMB Witness Service elevation of privilege vulnerability that allows attackers to execute RPC functions usually reserved for privileged accounts. 

"To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host," the security alert reads. 

The list of fixed vulnerabilities is quite long, but a few other notable mentions include CVE-2023-21743, a Microsoft SharePoint Server security feature bypass vulnerability that allows an unauthenticated threat actor to bypass the expected user access; CVE-2023-21762 and CVE-2023-21745 (spoofing vulnerabilities in Microsoft Exchange servers); and CVE-2023-21763 and CVE-2023-21764 (elevation of privilege flaws in Exchange servers).

It’s also worth mentioning that these are the last security updates to ever hit Windows 7 and Windows 8.1. The former has reached the end of its three-year pay-extra-to-get-extended-security-updates period, while Windows 8.1 simply won’t be getting any, regardless of whether firms are ready to pay.

“As a reminder, Windows 8.1 will reach end of support on January 10, 2023 [2023-01-10], at which point technical assistance and software updates will no longer be provided,” Microsoft said. “Microsoft will not be offering an Extended Security Update (ESU) program for Windows 8.1. Continuing to use Windows 8.1 after January 10, 2023 may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations.”

Via: The Register



from TechRadar - All the latest technology news https://ift.tt/UkGwJd5