Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day

Posted on January 10, 2023

Today is Microsoft’s January 2023 Patch Tuesday, and with it come fixes for an actively exploited zero-day vulnerability and a total of 98 flaws.

This is the first Patch Tuesday of 2023, and it fixes a whopping 98 vulnerabilities, with eleven of them classified as ‘Critical.’

Microsoft gave the vulnerabilities this severity rating because they allow remote code execution, security feature bypass, or elevation of privileges.

The number of bugs in each vulnerability category is listed below:

  • 39 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 33 Remote Code Execution Vulnerabilities
  • 10 Information Disclosure Vulnerabilities
  • 10 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

One zero-day fixed

This month’s Patch Tuesday fixes one zero-day vulnerability, which is actively exploited. Microsoft also listed a second vulnerability as publicly disclosed, a classification its reporter disputes.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The actively exploited zero-day vulnerability fixed in today’s updates is:

CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability discovered by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast.

Microsoft states that this is a sandbox escape vulnerability that can lead to the elevation of privileges.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft’s advisory.

It is unclear how threat actors used this vulnerability in attacks, and BleepingComputer reached out to Avast for comment.

Microsoft also stated that ‘CVE-2023-21549 – Windows SMB Witness Service Elevation of Privilege Vulnerability’ was publicly disclosed.

However, BleepingComputer was told by Akamai security researcher Stiv Kupchik that they followed the regular disclosure process and the vulnerability should not be classified as publicly disclosed.

Recent updates from other companies

Other vendors who released updates in January 2023 include:

The January 2023 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the January 2023 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

