Microsoft’s January 2023 Patch Tuesday Addresses 98 Flaws, 1 Zero-Day

Microsoft’s latest monthly security update patches 98 vulnerabilities, including an actively exploited zero-day flaw.

Eleven of the flaws addressed by the January 2023 Patch Tuesday are rated “critical,” while the remaining 87 are only flagged “important.”

The most severe flaws patched by the rollout are a combination of security feature bypass, elevation of privilege and remote code execution (RCE) vulnerabilities. The other, less critical, shortcomings on the list could lead to information disclosure, spoofing and denial of service (DoS).

Microsoft’s latest monthly security update addresses a flaw currently under exploitation. Tracked as CVE-2023-21674, the bug is an Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability.

According to the company, the vulnerability could lead to a browser sandbox escape. In other words, perpetrators could use it to execute malicious code outside their confined sandbox.

A successful attack would let threat actors gain SYSTEM privileges and completely take over the compromised machine. However, exploiting the flaw requires the host to be already infected.

Furthermore, the vulnerability likely needs to be paired with additional malicious code to wreak havoc on compromised devices. Although the flaw is currently being exploited, Microsoft is keeping further details under wraps. For now, the company is offering no clue as to how perpetrators exploited the vulnerability in their attacks.

Installing Microsoft’s latest security updates can protect you from attacks exploiting the vulnerabilities addressed. Although most systems are configured to automatically retrieve and apply the latest security patches, you could also install them manually via Windows Update.

Using specialized security software such as Bitdefender Ultimate Security can strengthen your defenses against zero-day exploits and cyberthreats, with features like:

• Vulnerability assessment module that checks your system for missing Windows security patches, outdated software, and potentially unsafe settings and suggests the best fix
• All-around, continuous protection against viruses, worms, trojans, zero-day exploits, rootkits, spyware, ransomware, and other e-threats
• Behavioral detection technology that closely monitors active apps and takes instant action upon detecting suspicious activity
• Network threat prevention module that detects and blocks suspicious network-level activities such as botnet URLs, malware, exploits and brute force attacks