Today is the second Tuesday of January 2023, and it’s time to check out the latest security updates from Microsoft. As part of this month’s Patch Tuesday, Microsoft fixes 98 vulnerabilities that affect several products in its portfolio. Of these, 11 are classified as ‘Critical’ because they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), or Spoofing; four are rated Moderate in severity; and the remaining 87 are Important.
Microsoft January 2023 Patch Tuesday
With today’s update, Microsoft patched flaws in several categories, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, Spoofing and Tampering.
The number of bugs in each vulnerability category is listed below:
- 39 Elevation of Privilege Vulnerabilities
- 4 Security Feature Bypass Vulnerabilities
- 33 Remote Code Execution Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
A crucial part of this month’s security updates consists of patches for six actively exploited zero-day vulnerabilities, one of which was publicly disclosed.
The most important bug this month is CVE-2023-21674. It has a CVSSv3 severity score of 8.8 out of 10. An attacker who successfully exploits this vulnerability gains SYSTEM privileges. It requires no user interaction and only low privileges to exploit.
Another critical vulnerability affects the Windows SMB Witness Service, tracked as CVE-2023-21674; it is also an elevation of privilege vulnerability with a severity score of 8.8.
Microsoft Offensive Research and Security Engineering (MORSE) found a critical elevation of privilege flaw in Microsoft Cryptographic Services, tracked as CVE-2023-21730.
Two more critical flaws (CVE-2023-21548 and CVE-2023-21535) are remote code execution vulnerabilities affecting the Windows Secure Socket Tunneling Protocol (SSTP).
The critical flaws also include five Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution (RCE) vulnerabilities (tracked as CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21556, and CVE-2023-21679). These flaws were reported by third-party researchers.
Recent updates from other companies
Other vendors who released updates in January 2023 include:
- Adobe released security updates for numerous products.
- Cisco released security updates for Cisco Identity Services.
- Fortinet released security updates for various products.
- Intel released a security update for oneAPI Toolkits.
- SAP has released its January 2023 Patch Day updates.
- Synology released a security update for its Synology VPN Plus Server.
Windows security updates
In addition to the Microsoft security updates, this January 2023 Patch Tuesday also brought Windows 11 and Windows 10 cumulative updates: KB5022303 and KB5022287 for Windows 11, and KB5022282 for Windows 10 version 22H2. If you are running any of these Windows versions, make sure you install the new patches.
Windows 11 KB5022303 and KB5022287
Today’s Windows 11 updates KB5022303 and KB5022287 address security issues in the operating system. Microsoft also fixes an issue affecting the Local Session Manager, also known as LSM. According to the description,
- This update addresses issues that affect the Local Session Manager (LSM). These issues might allow users who do not have admin rights to perform actions that only an admin can.
Today’s update also resolves a glitch that affects connections to SQL Server.
- This update addresses a known issue that affects apps that use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases. The connection might fail. You might also receive an error in the app, or you might receive an error from the SQL Server.
Microsoft noted two known issues with these updates: the first affects provisioning packages, while the second makes it harder to copy large files on devices that have already been updated to the 2022 Update.
You can read the complete changelog on the Microsoft support blog here.
Windows 10 KB5022282 and KB5022286
Cumulative update KB5022282 for Windows 10 contains miscellaneous security improvements to internal OS functionality. Although Microsoft is busy with the development of Windows 11, today’s Windows 10 update (OS build 19045.2486) still comes with a few noticeable changes, including a fix for an issue where devices crash with the Blue Screen of Death error 0xc000021a.
This update addresses a known issue that might cause 0xc000021a blue screen crashes when booting some Windows devices.
This update addresses issues that affect the Local Session Manager (LSM). These issues might allow users who do not have admin rights to perform actions that only an admin can.
Another bug has been fixed where apps use Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases, causing connections to fail.
In addition, Windows 10 KB5022286 for version 1809 bumps the OS build to 17763.3887 and addresses an issue that might affect authentication: it might fail after you set the higher 16 bits of the msDS-SupportedEncryptionTypes attribute.
This update addresses an issue that affects cluster name objects (CNO) or virtual computer objects (VCO). Password reset fails. The error message is, “There was an error resetting the AD password… // 0x80070005”.
This update addresses an issue that affects Microsoft Defender for Endpoint. Automated investigation blocks live response investigations.
This update also fixes the bug where apps that use the Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) to connect to databases fail to connect.
You can read the complete changelog on the Microsoft support blog here.
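The authentication known issue above is tied to the upper 16 bits of msDS-SupportedEncryptionTypes. The following PowerShell is an added example (not from the original post or from Microsoft) that decodes a value of that attribute and flags whether any of those upper bits are set, so an administrator can audit accounts before or after installing the update. The bit values it decodes (DES-CBC-CRC 0x1, DES-CBC-MD5 0x2, RC4-HMAC 0x4, AES128 0x8, AES256 0x10) are the documented Kerberos encryption-type flags, which is general Active Directory knowledge rather than something the post states; the sample values are constructed, and the commented-out directory query assumes the ActiveDirectory module is installed.

```powershell
# Added example: decode msDS-SupportedEncryptionTypes and report whether the
# "higher 16 bits" named in the KB5022286 known issue are set.
# Assumption: Windows PowerShell 5.1 or PowerShell 7; no directory access needed
# for the constructed sample values below.

function ConvertFrom-SupportedEncryptionTypes {
    param([Parameter(Mandatory)][int]$Value)

    # Documented low-order flag bits for this attribute (other low bits, such as
    # FAST or claims support, are left undecoded here)
    $bits = [ordered]@{
        'DES-CBC-CRC'             = 0x1
        'DES-CBC-MD5'             = 0x2
        'RC4-HMAC'                = 0x4
        'AES128-CTS-HMAC-SHA1-96' = 0x8
        'AES256-CTS-HMAC-SHA1-96' = 0x10
    }
    $enabled = foreach ($name in $bits.Keys) {
        if ($Value -band $bits[$name]) { $name }
    }

    # Any bit at position 16 or above falls in the "higher 16 bits" of the known issue.
    # 0xFFFF0000 is a 64-bit literal in PowerShell, so the -band result is a [long]
    # and a negative [int] input (bit 31 set) is handled correctly.
    $upperBitsSet = ($Value -band 0xFFFF0000) -ne 0

    [pscustomobject]@{
        Value        = ('0x{0:X8}' -f $Value)
        EnabledTypes = @($enabled)
        UpperBitsSet = $upperBitsSet
    }
}

# Constructed sample values (not real directory data):
#   0x18       -> AES128 + AES256 only, upper bits clear
#   0x00010018 -> the same AES bits plus bit 16 set, the situation the known issue describes
ConvertFrom-SupportedEncryptionTypes -Value 0x18
ConvertFrom-SupportedEncryptionTypes -Value 0x00010018

# With the ActiveDirectory module (RSAT) available, the same decoder can be run over every
# account that has the attribute populated and filtered down to the affected ones:
# Get-ADObject -LDAPFilter '(msDS-SupportedEncryptionTypes=*)' -Properties msDS-SupportedEncryptionTypes |
#     ForEach-Object { ConvertFrom-SupportedEncryptionTypes -Value $_.'msDS-SupportedEncryptionTypes' } |
#     Where-Object UpperBitsSet
```

Run it on a domain-joined machine with the AD module to get a list of accounts whose attribute has the upper bits set; those are the accounts where the pre-update authentication failure could have shown up, and therefore the ones worth re-testing after KB5022286 is installed.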
Download the Windows 10 Cumulative update
All these security updates download and install automatically on your device via Windows Update. If your device has not received them yet, open Settings > Update & Security and click Check for updates. Once done, restart your device to apply the updates.
- Windows 11 KB5022303 (version 22H2) offline installer: Direct Download Link, 64-bit.
- Windows 11 KB5022287 (version 21H2) offline installer: Direct Download Link, 64-bit.
- Windows 10 KB5022282 (for versions 21H2 and 21H1) offline installer: Direct Download Links, 64-bit and 32-bit (x86).
- Windows 10 KB5022286 (version 1809) offline installer: Direct Download Links, 64-bit and 32-bit (x86).
The above links open the Microsoft Update Catalog directly, which is the library of Windows Update offline installers. Click the ‘Download’ button next to the version of the OS installed on your machine and run the .msu file to begin installing the update.
If you face any difficulty installing these updates, check how to fix Windows 10 Update installation problems.
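Whether the update arrived through Windows Update or a catalog .msu, the useful follow-up check is whether the right KB for your build is actually installed. The PowerShell below is an added example (not from the original post or from Microsoft) that reads the build from the registry, picks the KB number the post lists for that version, and confirms it via Get-HotFix. The KB numbers and the two Windows 10 build revisions (19045.2486 and 17763.3887) come from the post; the mapping of build numbers to versions (22621 = Windows 11 22H2, 22000 = Windows 11 21H2, 19045/19044/19043 = Windows 10 22H2/21H2/21H1, 17763 = Windows 10 1809) is general Windows knowledge and an assumption of this script, not something the post states.

```powershell
# Added example: confirm that the January 2023 cumulative update named in the post
# for this machine's Windows version is installed.
# Assumption: Windows PowerShell 5.1 or PowerShell 7 on Windows 10/11, run after the
# post-install restart (Get-HotFix only reports an update once it has fully applied).

$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild
$ubr   = [int]$cv.UBR    # update build revision: the part after the dot in 19045.2486

# KB numbers from the post, keyed by build family; Ubr is set only where the post
# states the resulting build (Windows 11 builds are matched on KB number alone).
$expected = switch ($build) {
    22621   { @{ Name = 'Windows 11 22H2'; KB = 'KB5022303' } }
    22000   { @{ Name = 'Windows 11 21H2'; KB = 'KB5022287' } }
    19045   { @{ Name = 'Windows 10 22H2'; KB = 'KB5022282'; Ubr = 2486 } }
    19044   { @{ Name = 'Windows 10 21H2'; KB = 'KB5022282' } }
    19043   { @{ Name = 'Windows 10 21H1'; KB = 'KB5022282' } }
    17763   { @{ Name = 'Windows 10 1809'; KB = 'KB5022286'; Ubr = 3887 } }
    default { $null }
}

if (-not $expected) {
    Write-Warning "Build $build is not one of the versions covered by the January 2023 updates listed here."
    return
}

# Get-HotFix reads Win32_QuickFixEngineering; cumulative updates show up under their KB id.
# A missing id writes a non-terminating error, which is silenced so $installed is simply empty.
$installed = Get-HotFix -Id $expected.KB -ErrorAction SilentlyContinue

# A later cumulative update supersedes this one and the KB id may no longer be listed,
# so where the post gives a build revision, a revision at or above it also counts.
$revisionOk = $expected.ContainsKey('Ubr') -and ($ubr -ge $expected.Ubr)

[pscustomobject]@{
    Version        = $expected.Name
    CurrentBuild   = "$build.$ubr"
    ExpectedUpdate = $expected.KB
    Installed      = [bool]$installed -or $revisionOk
    InstalledOn    = if ($installed) { $installed.InstalledOn } else { $null }
}
```

Installed = False after a restart means the update either has not been offered yet or failed to apply, which is the point to run Check for updates again or install the catalog .msu by hand.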