The January 2023 Patch Tuesday comes with a whopping 98 updates

by Alexandru Poloboc
Alexandru Poloboc
Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,... read more
Affiliate Disclosure
  • Microsoft is not taking these vulnerabilities lightly and working hard to fix them.
  • As a result, January 2023 came with a huge number of security dedicated patches.
  • Check out everything there is to know about this Patch Tuesday release right here.
pt cve

The holidays are over and here we are, kicking off a new year of prosperity and possibilities. We hope you feel refreshed after your vacation because there’s a lot to catch up on.

As you know, it’s the second Tuesday of the month, which means that Windows users are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve taken the liberty of providing the direct download links for the cumulative updates released today for Windows 7, 8.1, 10, and 11, but now it’s time to talk CVEs again.

For January, Microsoft released 98 new patches, which is a lot more than some people were expecting right at the start of 2023.

These software updates address CVEs in:

  • Microsoft Windows and Windows Components
  • Office and Office Components
  • .NET Core and Visual Studio Code
  • 3D Builder, Azure Service Fabric Container
  • Windows BitLocker
  • Windows Defender
  • Windows Print Spooler Components
  • Microsoft Exchange Server

Microsoft released 98 new important security patches

Seeing how December 2022 was a pretty light month in terms of security patches, developers had to pick up the slack in January, which is exactly what happened.

You might like to know that, out of the 98 new CVEs released, 11 are rated Critical and 87 are rated Important in severity.

Also, keep in mind that this volume is the largest we’ve seen from Microsoft for a January release in quite some time.

Out of all these vulnerabilities addressed this month, only one is listed as publicly known, and one is listed as being in the wild at the time of release.

Note that these types of bugs are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link.

Let’s take a closer look at the full list of CVEs released by Microsoft for January 2023:

CVE Title Severity CVSS Public Exploited Type
CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important 8.8 No Yes EoP
CVE-2023-21549 Windows Workstation Service Elevation of Privilege Vulnerability Important 8.8 Yes No EoP
CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 8.8 No No EoP
CVE-2023-21551 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 7.8 No No EoP
CVE-2023-21743 Microsoft SharePoint Server Security Feature Bypass Vulnerability Critical 8.2 No No SFB
CVE-2023-21730 Windows Cryptographic Services Remote Code Execution Vulnerability Critical 7.8 No No EoP
CVE-2023-21543 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2023-21546 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2023-21555 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2023-21556 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2023-21679 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2023-21535 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2023-21548 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2023-21538 .NET Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-21780 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21781 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21782 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21784 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21786 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21791 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21793 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21783 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21785 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21787 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21788 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21789 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21790 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21792 3D Builder Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21531 Azure Service Fabric Container Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-21563 BitLocker Security Feature Bypass Vulnerability Important 6.8 No No SFB
CVE-2023-21536 Event Tracing for Windows Information Disclosure Vulnerability Important 4.7 No No Info
CVE-2023-21753 Event Tracing for Windows Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-21547 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-21724 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21764 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21763 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21761 Microsoft Exchange Server Information Disclosure Vulnerability Important 7.5 No No Info
CVE-2023-21762 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No Spoofing
CVE-2023-21745 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No Spoofing
CVE-2023-21537 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21732 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-21734 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21735 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21741 Microsoft Office Visio Information Disclosure Vulnerability Important 7.1 No No Info
CVE-2023-21736 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21737 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-21738 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.1 No No RCE
CVE-2023-21744 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-21742 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-21681 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-21725 Microsoft Windows Defender Elevation of Privilege Vulnerability Important 6.3 No No EoP
CVE-2023-21779 Visual Studio Code Remote Code Execution Vulnerability Important 7.3 No No RCE
CVE-2023-21768 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21539 Windows Authentication Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2023-21752 Windows Backup Service Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2023-21733 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-21739 Windows Bluetooth Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-21560 Windows Boot Manager Security Feature Bypass Vulnerability Important 6.6 No No SFB
CVE-2023-21726 Windows Credential Manager User Interface Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21540 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-21550 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-21559 Windows Cryptographic Services Information Disclosure Vulnerability Important 6.2 No No Info
CVE-2023-21525 Windows Encrypting File System (EFS) Denial of Service Vulnerability Important 5.9 No No DoS
CVE-2023-21558 Windows Error Reporting Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21552 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21532 Windows GDI Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-21542 Windows Installer Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-21683 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-21677 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-21758 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-21527 Windows iSCSI Service Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-21755 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21754 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21747 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21748 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21749 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21772 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21773 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21774 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21675 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21750 Windows Kernel Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2023-21776 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-21757 Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-21557 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-21676 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-21524 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21771 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-21728 Windows Netlogon Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-21746 Windows NTLM Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21767 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21766 Windows Overlay Filter Information Disclosure Vulnerability Important 4.7 No No Info
CVE-2023-21682 Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability Important 5.3 No No Info
CVE-2023-21760 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2023-21765 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21678 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21759 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Important 3.3 No No SFB
CVE-2023-21541 Windows Task Scheduler Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-21680 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP

Expert tip:

SPONSORED

Some PC issues are hard to tackle, especially when it comes to corrupted repositories or missing Windows files. If you are having troubles fixing an error, your system may be partially broken.
We recommend installing Restoro, a tool that will scan your machine and identify what the fault is.
Click here to download and start repairing.

Taking a closer look at the remaining Critical-rated fixes, there are two patches for Cryptographic Services, but we can classify them as more of privilege escalations rather than RCEs.

Furthermore, there are five patches for the Layer 2 Tunneling Protocol (L2TP), which was introduced back in Windows 2000.

Looking at the 25 code execution bugs fixed in this Patch Tuesday rollout, there are 14 fixes for the 3D Builder component.

There are also two fixes for SharePoint for RCE bugs that require authentication. However, every user by default has the permissions required to exploit these bugs.

We’re also looking at a couple of SQL-related fixes. Know that an attacker can execute code if they can convince an authenticated user into attempting to connect to a malicious SQL server via ODBC.

We also have to mention the fixes for 11 different information disclosure bugs this month, and seven of these merely result in info leaks consisting of unspecified memory contents.

This January release fixes 10 different Denial-of-Service (DoS) bugs, but Microsoft provides no real detail about these bugs, so it isn’t clear if successful exploitation results in the service stopping or the system crashing.

Two spoofing bugs in the Exchange server also received critical fixes, although the descriptions imply a different impact.

While one notes that successful exploitation could disclose NTLM hashes, the other is about an authenticated attacker could achieve exploitation given a Powershell remoting session to the server.

Nonetheless, make sure you update your Exchange server to ensure you remediate the multiple bugs being fixed this month.

Have you found any other issues after installing this month’s security updates? Share your experience with us in the comments section below.

Still having issues? Fix them with this tool:

SPONSORED

If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: