The January 2023 Patch Tuesday comes with a whopping 98 updates

Reading time icon 8 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Key notes

  • Microsoft is not taking these vulnerabilities lightly and working hard to fix them.
  • As a result, January 2023 came with a huge number of security dedicated patches.
  • Check out everything there is to know about this Patch Tuesday release right here.
pt cve
XINSTALL BY CLICKING THE DOWNLOAD FILE
A message from our partner

To fix Windows PC system issues, you will need a dedicated tool

  • Download Fortect and install it on your PC
  • Start the tool's scanning process to look for corrupt files that are the source of your problem
  • Right-click on Start Repair so the tool could start the fixing algorythm
Download from Fortect.com Fortect has been downloaded by 0 readers this month, rated 4.4 on TrustPilot

The holidays are over and here we are, kicking off a new year of prosperity and possibilities. We hope you feel refreshed after your vacation because there’s a lot to catch up on.

As you know, it’s the second Tuesday of the month, which means that Windows users are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve taken the liberty of providing the direct download links for the cumulative updates released today for Windows 7, 8.1, 10, and 11, but now it’s time to talk CVEs again.

For January, Microsoft released 98 new patches, which is a lot more than some people were expecting right at the start of 2023.

These software updates address CVEs in:

  • Microsoft Windows and Windows Components
  • Office and Office Components
  • .NET Core and Visual Studio Code
  • 3D Builder, Azure Service Fabric Container
  • Windows BitLocker
  • Windows Defender
  • Windows Print Spooler Components
  • Microsoft Exchange Server

Microsoft released 98 new important security patches

Seeing how December 2022 was a pretty light month in terms of security patches, developers had to pick up the slack in January, which is exactly what happened.

You might like to know that, out of the 98 new CVEs released, 11 are rated Critical and 87 are rated Important in severity.

Also, keep in mind that this volume is the largest we’ve seen from Microsoft for a January release in quite some time.

Out of all these vulnerabilities addressed this month, only one is listed as publicly known, and one is listed as being in the wild at the time of release.

Note that these types of bugs are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link.

Let’s take a closer look at the full list of CVEs released by Microsoft for January 2023:

CVETitleSeverityCVSSPublicExploitedType
CVE-2023-21674Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege VulnerabilityImportant8.8NoYesEoP
CVE-2023-21549Windows Workstation Service Elevation of Privilege VulnerabilityImportant8.8YesNoEoP
CVE-2023-21561Microsoft Cryptographic Services Elevation of Privilege VulnerabilityCritical8.8NoNoEoP
CVE-2023-21551Microsoft Cryptographic Services Elevation of Privilege VulnerabilityCritical7.8NoNoEoP
CVE-2023-21743Microsoft SharePoint Server Security Feature Bypass VulnerabilityCritical8.2NoNoSFB
CVE-2023-21730Windows Cryptographic Services Remote Code Execution VulnerabilityCritical7.8NoNoEoP
CVE-2023-21543Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2023-21546Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2023-21555Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2023-21556Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2023-21679Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2023-21535Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2023-21548Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityCritical8.1NoNoRCE
CVE-2023-21538.NET Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2023-217803D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217813D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217823D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217843D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217863D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217913D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217933D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217833D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217853D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217873D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217883D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217893D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217903D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-217923D Builder Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-21531Azure Service Fabric Container Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2023-21563BitLocker Security Feature Bypass VulnerabilityImportant6.8NoNoSFB
CVE-2023-21536Event Tracing for Windows Information Disclosure VulnerabilityImportant4.7NoNoInfo
CVE-2023-21753Event Tracing for Windows Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2023-21547Internet Key Exchange (IKE) Protocol Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2023-21724Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21764Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21763Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21761Microsoft Exchange Server Information Disclosure VulnerabilityImportant7.5NoNoInfo
CVE-2023-21762Microsoft Exchange Server Spoofing VulnerabilityImportant8NoNoSpoofing
CVE-2023-21745Microsoft Exchange Server Spoofing VulnerabilityImportant8NoNoSpoofing
CVE-2023-21537Microsoft Message Queuing (MSMQ) Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21732Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2023-21734Microsoft Office Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-21735Microsoft Office Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-21741Microsoft Office Visio Information Disclosure VulnerabilityImportant7.1NoNoInfo
CVE-2023-21736Microsoft Office Visio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-21737Microsoft Office Visio Remote Code Execution VulnerabilityImportant7.8NoNoRCE
CVE-2023-21738Microsoft Office Visio Remote Code Execution VulnerabilityImportant7.1NoNoRCE
CVE-2023-21744Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2023-21742Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2023-21681Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2023-21725Microsoft Windows Defender Elevation of Privilege VulnerabilityImportant6.3NoNoEoP
CVE-2023-21779Visual Studio Code Remote Code Execution VulnerabilityImportant7.3NoNoRCE
CVE-2023-21768Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21539Windows Authentication Remote Code Execution VulnerabilityImportant7.5NoNoRCE
CVE-2023-21752Windows Backup Service Elevation of Privilege VulnerabilityImportant7.1NoNoEoP
CVE-2023-21733Windows Bind Filter Driver Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2023-21739Windows Bluetooth Driver Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2023-21560Windows Boot Manager Security Feature Bypass VulnerabilityImportant6.6NoNoSFB
CVE-2023-21726Windows Credential Manager User Interface Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21540Windows Cryptographic Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2023-21550Windows Cryptographic Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2023-21559Windows Cryptographic Services Information Disclosure VulnerabilityImportant6.2NoNoInfo
CVE-2023-21525Windows Encrypting File System (EFS) Denial of Service VulnerabilityImportant5.9NoNoDoS
CVE-2023-21558Windows Error Reporting Service Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21552Windows GDI Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21532Windows GDI Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2023-21542Windows Installer Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2023-21683Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2023-21677Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2023-21758Windows Internet Key Exchange (IKE) Extension Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2023-21527Windows iSCSI Service Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2023-21755Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21754Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21747Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21748Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21749Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21772Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21773Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21774Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21675Windows Kernel Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21750Windows Kernel Elevation of Privilege VulnerabilityImportant7.1NoNoEoP
CVE-2023-21776Windows Kernel Information Disclosure VulnerabilityImportant5.5NoNoInfo
CVE-2023-21757Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2023-21557Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2023-21676Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityImportant8.8NoNoRCE
CVE-2023-21524Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21771Windows Local Session Manager (LSM) Elevation of Privilege VulnerabilityImportant7NoNoEoP
CVE-2023-21728Windows Netlogon Denial of Service VulnerabilityImportant7.5NoNoDoS
CVE-2023-21746Windows NTLM Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21767Windows Overlay Filter Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21766Windows Overlay Filter Information Disclosure VulnerabilityImportant4.7NoNoInfo
CVE-2023-21682Windows Point-to-Point Protocol (PPP) Information Disclosure VulnerabilityImportant5.3NoNoInfo
CVE-2023-21760Windows Print Spooler Elevation of Privilege VulnerabilityImportant7.1NoNoEoP
CVE-2023-21765Windows Print Spooler Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21678Windows Print Spooler Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21759Windows Smart Card Resource Management Server Security Feature Bypass VulnerabilityImportant3.3NoNoSFB
CVE-2023-21541Windows Task Scheduler Elevation of Privilege VulnerabilityImportant7.8NoNoEoP
CVE-2023-21680Windows Win32k Elevation of Privilege VulnerabilityImportant7.8NoNoEoP

Taking a closer look at the remaining Critical-rated fixes, there are two patches for Cryptographic Services, but we can classify them as more of privilege escalations rather than RCEs.

Furthermore, there are five patches for the Layer 2 Tunneling Protocol (L2TP), which was introduced back in Windows 2000.

Looking at the 25 code execution bugs fixed in this Patch Tuesday rollout, there are 14 fixes for the 3D Builder component.

There are also two fixes for SharePoint for RCE bugs that require authentication. However, every user by default has the permissions required to exploit these bugs.

We’re also looking at a couple of SQL-related fixes. Know that an attacker can execute code if they can convince an authenticated user into attempting to connect to a malicious SQL server via ODBC.

We also have to mention the fixes for 11 different information disclosure bugs this month, and seven of these merely result in info leaks consisting of unspecified memory contents.

This January release fixes 10 different Denial-of-Service (DoS) bugs, but Microsoft provides no real detail about these bugs, so it isn’t clear if successful exploitation results in the service stopping or the system crashing.

Two spoofing bugs in the Exchange server also received critical fixes, although the descriptions imply a different impact.

While one notes that successful exploitation could disclose NTLM hashes, the other is about an authenticated attacker could achieve exploitation given a Powershell remoting session to the server.

Nonetheless, make sure you update your Exchange server to ensure you remediate the multiple bugs being fixed this month.

Have you found any other issues after installing this month’s security updates? Share your experience with us in the comments section below.

More about the topics: patch tuesday