Microsoft’s January Patch Tuesday Updates Fix 98 Windows Vulnerabilities
Microsoft has released yesterday the January Patch Tuesday updates for Windows 11 and Windows 10. Yesterday also marked the end of support for Windows 7, Windows 8.1, and Windows RT 8.1. Microsoft had already ended support for Windows 7 back in January 2020, but the company is now sunsetting its Extended Security Updates program for the OS released back in 2009.
This month’s Patch Tuesday updates include fixes for 98 vulnerabilities in Windows, Office, Microsoft Exchange Server, and more. The company also addressed an issue affecting the Local Session Manager (LSM), and it also fixed a known issue that was preventing apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases.
98 vulnerabilities fixed with the January 2023 Patch Tuesday updates
Among the 98 vulnerabilities that Microsoft fixed this month, 11 are rated “Critical,” and there’s also one “Important” vulnerability that is already being exploited by attackers. “This volume is the largest we’ve seen from Microsoft for a January release in quite some time,” the Zero Day Initiative emphasized yesterday.
Let’s take a closer look at some of the most important vulnerabilities Microsoft fixed this month:
- CVE-2023-21674: This Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability is already exploited by attackers to gain SYSTEM privileges.
- CVE-2023-21561: This Microsoft Cryptographic Services Elevation of Privilege Vulnerability could be exploited by attackers to execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
- CVE-2023-21743: This SharePoint Server Security Feature Bypass Vulnerability could allow an unauthenticated attacker to bypass authentication and make an anonymous connection.
- CVE-2023-21543: This Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability could allow an unauthenticated attacker to send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.
- CVE-2023-21535: This Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability could also allow an unauthenticated attacker to send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.
- CVE-2023-21763/CVE-2023-21764: These Elevation of Privilege vulnerabilities in Microsoft Exchange Server could allow attackers to gain SYSTEM privileges. Microsoft said that Exchange Online customers are already protected and don’t need to take any action other than updating Exchange servers in their environment.
You can find below the full list of CVEs released by Microsoft for the month of January:
| Product | Impact | Max Severity | Article | Details |
| Windows RT 8.1 | Elevation of Privilege | Important | 5022346 | CVE-2023-21773 |
| Windows 11 version 21H2 for ARM64-based Systems | Elevation of Privilege | Important | 5022287 | CVE-2023-21768 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21767 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21760 |
| Windows 10 Version 21H2 for x64-based Systems | Denial of Service | Important | 5022282 | CVE-2023-21758 |
| Windows 10 Version 21H2 for x64-based Systems | Denial of Service | Important | 5022282 | CVE-2023-21757 |
| Windows RT 8.1 | Elevation of Privilege | Important | 5022346 | CVE-2023-21754 |
| Windows 10 Version 20H2 for x64-based Systems | Elevation of Privilege | Important | 5022282 | CVE-2023-21749 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21748 |
| Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5022282 | CVE-2023-21776 |
| Windows 10 for x64-based Systems | Elevation of Privilege | Important | 5022297 | CVE-2023-21774 |
| Windows Server 2012 (Server Core installation) | Elevation of Privilege | Important | 5022348 | CVE-2023-21747 |
| Windows 10 Version 1809 for x64-based Systems | Denial of Service | Important | 5022286 | CVE-2023-21525 |
| Windows Server 2019 (Server Core installation) | Elevation of Privilege | Important | 5022286 | CVE-2023-21750 |
| Windows RT 8.1 | Elevation of Privilege | Important | 5022346 | CVE-2023-21772 |
| Windows Server 2016 (Server Core installation) | Information Disclosure | Important | 5022289 | CVE-2023-21766 |
| Windows Server 2019 | Elevation of Privilege | Important | 5022286 | CVE-2023-21765 |
| Windows 11 version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5022287 | CVE-2023-21771 |
| Windows 10 Version 1809 for 32-bit Systems | Elevation of Privilege | Important | 5022286 | CVE-2023-21752 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5022282 | CVE-2023-21755 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21524 |
| Windows 10 Version 20H2 for x64-based Systems | Security Feature Bypass | Important | 5022282 | CVE-2023-21759 |
| Windows Server 2019 (Server Core installation) | Information Disclosure | Important | 5022286 | CVE-2023-21753 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21746 |
| Windows 10 Version 1607 for 32-bit Systems | Elevation of Privilege | Important | 5022289 | CVE-2023-21739 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5022282 | CVE-2023-21733 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 5022352 | CVE-2023-21732 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Critical | 5022352 | CVE-2023-21730 |
| Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5022352 | CVE-2023-21728 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21726 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5022282 | CVE-2023-21724 |
| Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5022352 | CVE-2023-21683 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5022352 | CVE-2023-21682 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Important | 5022352 | CVE-2023-21681 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21680 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5022352 | CVE-2023-21679 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21678 |
| Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5022352 | CVE-2023-21677 |
| Windows 10 Version 21H2 for x64-based Systems | Remote Code Execution | Important | 5022282 | CVE-2023-21676 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21675 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21674 |
| Windows Server 2012 R2 (Server Core installation) | Security Feature Bypass | Important | 5022352 | CVE-2023-21563 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Critical | 5022352 | CVE-2023-21561 |
| Windows Server 2012 R2 (Server Core installation) | Security Feature Bypass | Important | 5022352 | CVE-2023-21560 |
| Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5022282 | CVE-2023-21559 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21558 |
| Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5022352 | CVE-2023-21557 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5022352 | CVE-2023-21556 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5022352 | CVE-2023-21555 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21552 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Critical | 5022282 | CVE-2023-21551 |
| Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5022282 | CVE-2023-21550 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21549 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5022352 | CVE-2023-21548 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5022352 | CVE-2023-21543 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21542 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21541 |
| Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5022282 | CVE-2023-21540 |
| Windows 10 Version 21H2 for x64-based Systems | Remote Code Execution | Important | 5022282 | CVE-2023-21539 |
| Windows Server 2016 (Server Core installation) | Denial of Service | Important | 5022289 | CVE-2023-21547 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5022352 | CVE-2023-21546 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21537 |
| Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5022282 | CVE-2023-21536 |
| Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5022352 | CVE-2023-21535 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | CVE-2023-21532 |
| Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5022352 | CVE-2023-21527 |
Quality and experience updates
On Windows 11 and Windows 10, Microsoft fixed a Local Session Manager (LSM) issue that could allow users without admin rights to perform actions that only an admin can. Additionally, Microsoft fixed a known issue causing apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to fail to connect to databases.
In the release notes for Windows 11 version 21H2 and Windows 10 versions 22H2, 21H2, and 20H2, Microsoft mentioned an additional fix for a startup issue. In some cases, Windows 10 and Windows 11 users could receive an error (0xc000021a) and see a blue screen during the startup process, but this should no longer be happening.
There are no UI changes with this month’s Patch Tuesday updates. Microsoft sometimes introduces minor new features or UI changes in the optional “C” updates released at the end of every month, but Microsoft skipped these optional preview releases last month due to the holidays.
Windows Update testing and best practices
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.