Microsoft’s January Patch Tuesday Updates Fix 98 Windows Vulnerabilities

Last Update: Jan 20, 2023 | Published: Jan 11, 2023

Windows 11

SHARE ARTICLE

Microsoft has released yesterday the January Patch Tuesday updates for Windows 11 and Windows 10. Yesterday also marked the end of support for Windows 7, Windows 8.1, and Windows RT 8.1. Microsoft had already ended support for Windows 7 back in January 2020, but the company is now sunsetting its Extended Security Updates program for the OS released back in 2009. 

This month’s Patch Tuesday updates include fixes for 98 vulnerabilities in Windows, Office, Microsoft Exchange Server, and more. The company also addressed an issue affecting the Local Session Manager (LSM), and it also fixed a known issue that was preventing apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases.

98 vulnerabilities fixed with the January 2023 Patch Tuesday updates

Among the 98 vulnerabilities that Microsoft fixed this month, 11 are rated “Critical,” and there’s also one “Important” vulnerability that is already being exploited by attackers. “This volume is the largest we’ve seen from Microsoft for a January release in quite some time,” the Zero Day Initiative emphasized yesterday.

Let’s take a closer look at some of the most important vulnerabilities Microsoft fixed this month:

  • CVE-2023-21674: This Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability is already exploited by attackers to gain SYSTEM privileges.
  • CVE-2023-21561: This Microsoft Cryptographic Services Elevation of Privilege Vulnerability could be exploited by attackers to execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
  • CVE-2023-21743: This SharePoint Server Security Feature Bypass Vulnerability could allow an unauthenticated attacker to bypass authentication and make an anonymous connection.
  • CVE-2023-21543: This Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability could allow an unauthenticated attacker to send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.
  • CVE-2023-21535: This Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability could also allow an unauthenticated attacker to send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.
  • CVE-2023-21763/CVE-2023-21764: These Elevation of Privilege vulnerabilities in Microsoft Exchange Server could allow attackers to gain SYSTEM privileges. Microsoft said that Exchange Online customers are already protected and don’t need to take any action other than updating Exchange servers in their environment.

You can find below the full list of CVEs released by Microsoft for the month of January:

ProductImpactMax SeverityArticleDetails
Windows RT 8.1Elevation of PrivilegeImportant5022346CVE-2023-21773
Windows 11 version 21H2 for ARM64-based SystemsElevation of PrivilegeImportant5022287CVE-2023-21768
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21767
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21760
Windows 10 Version 21H2 for x64-based SystemsDenial of ServiceImportant5022282CVE-2023-21758
Windows 10 Version 21H2 for x64-based SystemsDenial of ServiceImportant5022282CVE-2023-21757
Windows RT 8.1Elevation of PrivilegeImportant5022346CVE-2023-21754
Windows 10 Version 20H2 for x64-based SystemsElevation of PrivilegeImportant5022282CVE-2023-21749
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21748
Windows 10 Version 21H2 for x64-based SystemsInformation DisclosureImportant5022282CVE-2023-21776
Windows 10 for x64-based SystemsElevation of PrivilegeImportant5022297CVE-2023-21774
Windows Server 2012 (Server Core installation)Elevation of PrivilegeImportant5022348CVE-2023-21747
Windows 10 Version 1809 for x64-based SystemsDenial of ServiceImportant5022286CVE-2023-21525
Windows Server 2019 (Server Core installation)Elevation of PrivilegeImportant5022286CVE-2023-21750
Windows RT 8.1Elevation of PrivilegeImportant5022346CVE-2023-21772
Windows Server 2016 (Server Core installation)Information DisclosureImportant5022289CVE-2023-21766
Windows Server 2019Elevation of PrivilegeImportant5022286CVE-2023-21765
Windows 11 version 21H2 for x64-based SystemsElevation of PrivilegeImportant5022287CVE-2023-21771
Windows 10 Version 1809 for 32-bit SystemsElevation of PrivilegeImportant5022286CVE-2023-21752
Windows 10 Version 21H2 for x64-based SystemsElevation of PrivilegeImportant5022282CVE-2023-21755
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21524
Windows 10 Version 20H2 for x64-based SystemsSecurity Feature BypassImportant5022282CVE-2023-21759
Windows Server 2019 (Server Core installation)Information DisclosureImportant5022286CVE-2023-21753
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21746
Windows 10 Version 1607 for 32-bit SystemsElevation of PrivilegeImportant5022289CVE-2023-21739
Windows 10 Version 21H2 for x64-based SystemsElevation of PrivilegeImportant5022282CVE-2023-21733
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionImportant5022352CVE-2023-21732
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeCritical5022352CVE-2023-21730
Windows Server 2012 R2 (Server Core installation)Denial of ServiceImportant5022352CVE-2023-21728
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21726
Windows 10 Version 21H2 for x64-based SystemsElevation of PrivilegeImportant5022282CVE-2023-21724
Windows Server 2012 R2 (Server Core installation)Denial of ServiceImportant5022352CVE-2023-21683
Windows Server 2012 R2 (Server Core installation)Information DisclosureImportant5022352CVE-2023-21682
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionImportant5022352CVE-2023-21681
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21680
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionCritical5022352CVE-2023-21679
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21678
Windows Server 2012 R2 (Server Core installation)Denial of ServiceImportant5022352CVE-2023-21677
Windows 10 Version 21H2 for x64-based SystemsRemote Code ExecutionImportant5022282CVE-2023-21676
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21675
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21674
Windows Server 2012 R2 (Server Core installation)Security Feature BypassImportant5022352CVE-2023-21563
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeCritical5022352CVE-2023-21561
Windows Server 2012 R2 (Server Core installation)Security Feature BypassImportant5022352CVE-2023-21560
Windows 10 Version 21H2 for x64-based SystemsInformation DisclosureImportant5022282CVE-2023-21559
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21558
Windows Server 2012 R2 (Server Core installation)Denial of ServiceImportant5022352CVE-2023-21557
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionCritical5022352CVE-2023-21556
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionCritical5022352CVE-2023-21555
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21552
Windows 10 Version 21H2 for x64-based SystemsElevation of PrivilegeCritical5022282CVE-2023-21551
Windows 10 Version 21H2 for x64-based SystemsInformation DisclosureImportant5022282CVE-2023-21550
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21549
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionCritical5022352CVE-2023-21548
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionCritical5022352CVE-2023-21543
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21542
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21541
Windows 10 Version 21H2 for x64-based SystemsInformation DisclosureImportant5022282CVE-2023-21540
Windows 10 Version 21H2 for x64-based SystemsRemote Code ExecutionImportant5022282CVE-2023-21539
Windows Server 2016 (Server Core installation)Denial of ServiceImportant5022289CVE-2023-21547
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionCritical5022352CVE-2023-21546
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21537
Windows 10 Version 21H2 for x64-based SystemsInformation DisclosureImportant5022282CVE-2023-21536
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionCritical5022352CVE-2023-21535
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5022352CVE-2023-21532
Windows Server 2012 R2 (Server Core installation)Denial of ServiceImportant5022352CVE-2023-21527

Quality and experience updates

On Windows 11 and Windows 10, Microsoft fixed a Local Session Manager (LSM) issue that could allow users without admin rights to perform actions that only an admin can. Additionally,  Microsoft fixed a known issue causing apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to fail to connect to databases. 

In the release notes for Windows 11 version 21H2 and Windows 10 versions 22H2, 21H2, and 20H2, Microsoft mentioned an additional fix for a startup issue. In some cases, Windows 10 and Windows 11 users could receive an error (0xc000021a) and see a blue screen during the startup process, but this should no longer be happening.  

There are no UI changes with this month’s Patch Tuesday updates. Microsoft sometimes introduces minor new features or UI changes in the optional “C” updates released at the end of every month, but Microsoft skipped these optional preview releases last month due to the holidays. 

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.

If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.

SHARE ARTICLE