Cadastre-se agora para um orçamento mais personalizado!

Microsoft's first Patch Tuesday of 2023 delivers a massive 98 fixes

11 de janeiro de 2023 Hi-network.com
Shutterstock

Windows and Office admins get a busy start to 2023, with Microsoft releasing 98 security fixes for its platforms -- that's a big haul when compared to most Patch Tuesdays and almost double the number it turned out leading into the holiday season.

January 2023 Patch Tuesday addresses two zero-day flaws but only one of them is known to be actively exploited, which is the critical Windows flaw, tracked as CVE-2023-21674. This flaw allows an attacker with local privileges to elevate to system, the highest level of privileges. It has a CVSSv3 severity score of 8.8 out of 10. 

Security

  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

Notably, this flaw affects the Windows Advanced Local Procedure Call (ALPC) and, as Rapid7's Greg Wiseman notes, is reminiscent of an ALPC zero-day in September 2018 that was swiftly employed in malware campaigns. 

"Given its low attack complexity, the existence of functional proof-of-concept code, and the potential for sandbox escape, this may be a vulnerability to keep a close eye on," notes Wiseman.

The flaw was found by malware analysts at Avast, Jan Vojt

tag-icon Tags quentes : Tecnologia Segurança

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.