Microsoft Patch Tuesday | January 10

Published On: January 10, 2023Categories: Cyber Briefs

In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, January 10, 2023. Today’s Patch Tuesday comes with fixes for one zero-days including a zero-day vulnerability currently used by cyber criminals, and a total of 98 flaws.

What is Patch Tuesday?

Patch Tuesday is Microsoft’s initiative to release new security fixes for the Windows operating system and any other Microsoft software on a monthly basis. Your SensCy team will monitor such releases and provide you with our observations and recommendations.

Why is it important?

This month’s patch Tuesday is critical because it fixes one zero-day vulnerabilities (a vulnerability in a system or device that has been disclosed but is not yet patched). The SensCy team recommends Microsoft users install those patches immediately.

Of the two zero-day vulnerabilities, one is actively exploited . It can be tracked as CVE-2023-21674 and is a Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Microsoft’s advisory explained that “an attacker who successfully exploited this vulnerability could gain SYSTEM privileges,”

In addition to the zero-day fix, Microsoft is also fixing 98 vulnerabilities, with six classified as “Critical” as they allow privileged elevation, remote code execution, spoofing.

Here is a breakdown of each vulnerability category:

  • 39 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 33 Remote Code Execution Vulnerabilities
  • 10 Information Disclosure Vulnerabilities
  • 10 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

For more information on vulnerabilities and the system that it effects, please refer to the full report from Microsoft linked here.

If you have any questions or concerns regarding patch Tuesday and are unsure of the implication of the new updates on your company, please reach out to SensCy.

Related Posts

  • March 24, 2023

    Categories: Cyber Briefs

    In today’s SensCy Cyber Brief, your SensCy team is investigating the potential use of the new Artificial Intelligence (AI) ChatGPT. In this brief, we will [...]

  • February 1, 2023

    Categories: Cyber Briefs

    In today’s Cyber Brief, SensCy analyzes a new phishing trend targeted at password managers, notably Bitwarden. Many users have found that Bitwarden password vaults were [...]

  • January 19, 2023

    Categories: Cyber Briefs

    One of SensCy’s missions is to bring awareness to small and medium- sized organizations about the ever-evolving cyber threat landscape. One of cybersecurity’s main issues [...]