» » Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day

Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day

By Orbit Brain 0 289 views
Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day

Residence › Endpoint Safety

Microsoft Patch Tuesday: 97 Home windows Vulns, 1 Exploited Zero-Day

By Ryan Naraine on January 10, 2023

Tweet

Microsoft’s safety patching machine hummed into overdrive Tuesday with the discharge of fixes for at the least 97 documented software program vulnerabilities, together with a zero-day that’s already been exploited to flee the browser sandbox.

The zero-day, flagged by researchers at anti-malware firm Avast, was exploited in reside assaults to raise privileges and escape a browser’s sandbox mitigation.

As has develop into customary, Microsoft is stingy with particulars on the vulnerability or the assaults.  An advisory from Redmond marks the CVE-2023-21674 flaw within the “Exploitation Detected” class however the firm didn’t launch IOCs or any knowledge to assist defenders hunt for indicators of compromise.

“An attacker who efficiently exploited this vulnerability may achieve SYSTEM privileges,” Microsoft mentioned, noting that the bug exists within the Home windows Superior Native Process Name (ALPC) part.

Microsoft additionally known as consideration to CVE-2023-21549, a privilege escalation subject within the Home windows SMB Witness Service, warning that technical particulars on the vulnerability are publicly out there. 

To take advantage of this vulnerability, an attacker may execute a specifically crafted malicious script which executes an RPC name to an RPC host. This might lead to elevation of privilege on the server.

An attacker who efficiently exploited this vulnerability may execute RPC capabilities which might be restricted to privileged accounts solely, Microsoft added.

The January batch of patches fixes code execution, denial-of-service and elevation of privilege flaws in a variety of WIndows OS and system elements.

Microsoft documented main safety issues in its flagship Workplace productiveness suite, .Web Core and Visible Studio Code, Microsoft Trade Server, Home windows Print Spooler, Home windows Defender and Home windows BitLocker.

The Microsoft patches come on the identical day software program maker Adobe rolled out fixes for at the least 29 safety vulnerabilities in a variety of enterprise-facing merchandise. Probably the most outstanding replace, for the extensively deployed Adobe Acrobat and Reader software program, fixes critical-severity flaws that expose Home windows and macOS customers to code execution assaults. 

Video messaging big Zoom additionally launched patches for a number of safety vulnerabilities that expose each Home windows and macOS customers to malicious hacker assaults. The vulnerabilities, within the enterprise-facing Zoom Rooms product, might be exploited in privilege escalation assaults on each Home windows and macOS platforms.

Associated: Adobe Plugs Safety Holes in Acrobat, Reader Software program

Associated: Zoom Patches Excessive Threat Flaws on Home windows, MacOS Platforms

Associated: ICS Patch Tuesday Debuts With Warnings From Siemens, Schneider

Get the Each day Briefing

 
 
 

  • Most Current
  • Most Learn
  • Microsoft Patch Tuesday: 97 Home windows Vulns, 1 Exploited Zero-Day
  • Intel Provides TDX to Confidential Computing Portfolio With Launch of 4th Gen Xeon Processors
  • Adobe Plugs Safety Holes in Acrobat, Reader Software program
  • Zoom Patches Excessive Threat Flaws on Home windows, MacOS Platforms
  • 2023 ICS Patch Tuesday Debuts With 12 Safety Advisories From Siemens, Schneider
  • Vulnerability in Fashionable JsonWebToken Open Supply Challenge Results in Code Execution
  • GitHub Introduces Automated Vulnerability Scanning Characteristic
  • PyPI Customers Focused With PoweRAT Malware
  • Iowa’s Largest Metropolis Cancels Lessons On account of Cyber Assault
  • How Will a Recession Will Have an effect on CISOs?

In search of Malware in All of the Incorrect Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Laptop Says About You

Be in a Place to Act Via Cyber Situational Consciousness

Report Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice 12 months To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

Methods to Establish Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Engaging

Methods to Defend In opposition to DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

SecurityWeek Podcast

author-Orbit Brain
Orbit Brain
https://orbitbrain.com/
Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.

Cyber Security News Related Articles



Acer Predator 6 deca-core phone and Predator 8 gaming devices launched
Acer goes nuts, makes the world’s first gaming laptop with a curved display
Acer brings computers galore to CES 2017!
Core i9 to feature in upcoming generation of Intel processors
Hp elitebook 8440p Core i5
Website Design and Development E Commerce Services
Dial Vision – World’s First Adjustable Eyeglasses
Smartphone Joystick
NEON SIGN KIT FREE DOWNLOAD
Schematics of Acer Iconia One 8 (2018) tablet with entry level specs appears on FCC