Wtorkowa łatka Microsoftu ze stycznia 2023 r., a wraz z nią poprawki aktywnie wykorzystywanej luki dnia zerowego oraz łącznie 98 błędów, z których jedenaście zostało sklasyfikowanych jako „krytyczne”. W tym miesiącu Patch Tuesday naprawia jedną lukę zero-day, jedną aktywnie wykorzystywaną, a drugą ujawnioną publicznie.
Aktywnie wykorzystywana luka dnia zerowego, naprawiona w dzisiejszych aktualizacjach, to:
Microsoft twierdzi, iż jest to luka umożliwiająca wyjście z piaskownicy, która może prowadzić do podniesienia uprawnień.
„Atakujący, któremu uda się wykorzystać tę lukę, może uzyskać uprawnienia SYSTEMOWE” — wyjaśnia poradnik Microsoftu.
Microsoft stwierdził również, iż ujawniono publicznie lukę „CVE-2023-21549 — Windows SMB Witness Service Elevation of Privilege”.
Wtorkowe aktualizacje zabezpieczeń ze stycznia 2023 r
Poniżej znajduje się pełna lista usuniętych luk w zabezpieczeniach i wydanych ostrzeżeń w aktualizacjach z wtorkowym patchem.
Tag | Numer CVE | CVE Tytuł | Krytyczność |
.NET Core | CVE-2023-21538 | .NET Denial of Service Vulnerability | Ważna |
3D Builder | CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | Ważna |
3D Builder | CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | Ważna |
Azure Service Fabric Container | CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Ważna |
Microsoft Bluetooth Driver | CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Ważna |
Microsoft Exchange Server | CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Ważna |
Microsoft Exchange Server | CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Ważna |
Microsoft Exchange Server | CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Ważna |
Microsoft Exchange Server | CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Ważna |
Microsoft Exchange Server | CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Ważna |
Microsoft Graphics Component | CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | Ważna |
Microsoft Graphics Component | CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | Ważna |
Microsoft Graphics Component | CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | Ważna |
Microsoft Local Security Authority Server (lsasrv) | CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | Ważna |
Microsoft Message Queuing | CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Ważna |
Microsoft Office | CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | Ważna |
Microsoft Office | CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | Ważna |
Microsoft Office SharePoint | CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Ważna |
Microsoft Office SharePoint | CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Krytyczna |
Microsoft Office SharePoint | CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Ważna |
Microsoft Office Visio | CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | Ważna |
Microsoft Office Visio | CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | Ważna |
Microsoft Office Visio | CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | Ważna |
Microsoft Office Visio | CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | Ważna |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Ważna |
Visual Studio Code | CVE-2023-21779 | Visual Studio Code Remote Code Execution | Ważna |
Windows ALPC | CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Ważna |
Windows Ancillary Function Driver for WinSock | CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Ważna |
Windows Authentication Methods | CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | Ważna |
Windows Backup Engine | CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | Ważna |
Windows Bind Filter Driver | CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Ważna |
Windows BitLocker | CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | Ważna |
Windows Boot Manager | CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | Ważna |
Windows Credential Manager | CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | Ważna |
Windows Cryptographic Services | CVE-2023-21559 | Windows Cryptographic Information Disclosure Vulnerability | Ważna |
Windows Cryptographic Services | CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Krytyczna |
Windows Cryptographic Services | CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Krytyczna |
Windows Cryptographic Services | CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | Ważna |
Windows Cryptographic Services | CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Krytyczna |
Windows Cryptographic Services | CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | Ważna |
Windows DWM Core Library | CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Ważna |
Windows Error Reporting | CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Ważna |
Windows Event Tracing | CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | Ważna |
Windows IKE Extension | CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Ważna |
Windows IKE Extension | CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Ważna |
Windows IKE Extension | CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Ważna |
Windows Installer | CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | Ważna |
Windows Internet Key Exchange (IKE) Protocol | CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Ważna |
Windows iSCSI | CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | Ważna |
Windows Kernel | CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Kernel | CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | Ważna |
Windows Layer 2 Tunneling Protocol | CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Krytyczna |
Windows Layer 2 Tunneling Protocol | CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Krytyczna |
Windows Layer 2 Tunneling Protocol | CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Krytyczna |
Windows Layer 2 Tunneling Protocol | CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Krytyczna |
Windows Layer 2 Tunneling Protocol | CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Krytyczna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Ważna |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Ważna |
Windows Local Security Authority (LSA) | CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Ważna |
Windows Local Session Manager (LSM) | CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Ważna |
Windows Malicious Software Removal Tool | CVE-2023-21725 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | Ważna |
Windows Management Instrumentation | CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows NTLM | CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | Ważna |
Windows ODBC Driver | CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Ważna |
Windows Overlay Filter | CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | Ważna |
Windows Overlay Filter | CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | Ważna |
Windows Point-to-Point Tunneling Protocol | CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | Ważna |
Windows Print Spooler Components | CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | Ważna |
Windows Print Spooler Components | CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | Ważna |
Windows Print Spooler Components | CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | Ważna |
Windows Remote Access Service L2TP Driver | CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | Ważna |
Windows RPC API | CVE-2023-21525 | Remote Procedure Call Runtime Denial of Service Vulnerability | Ważna |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Krytyczna |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Krytyczna |
Windows Smart Card | CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Ważna |
Windows Task Scheduler | CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | Ważna |
Windows Virtual Registry Provider | CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Virtual Registry Provider | CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Virtual Registry Provider | CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Virtual Registry Provider | CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Virtual Registry Provider | CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | Ważna |
Windows Virtual Registry Provider | CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Virtual Registry Provider | CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Virtual Registry Provider | CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Virtual Registry Provider | CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | Ważna |
Windows Workstation Service | CVE-2023-21549 | Windows SMB Witness Service Elevation of Privilege Vulnerability | Ważna |