New Year, same process. Patch Tuesday has arrived, and it looks like those pesky hackers have not chosen to end all nefarious actions by the end of 2022 as I had assumed. Knowing this, let’s dive into the first Patch Tuesday of the year. We have 98 exploits closed, with 11 of them being critical. One of these is actively exploited. Up next are the lowlights. Read on to see what the worst of the new year is.
Some highlights (or lowlights)
CVE-2023-21674: It’s not often that the highest-rated CVE for the month is also the one that is already exploited. This elevation of privilege vulnerability is for the Advanced Local Procedure Call (ALPC). An attacker that successfully exploits this vulnerability will get system privileges. It requires no user interaction and low privileges to exploit. That is all bad. On the slightly more positive side, it only has a local attack vector, which limits how exploitable it is — and that’s why it comes in as an 8.8 CVSS.
CVE-2023-21549: This is another elevation of privilege exploit that has already been publicly disclosed, although not already exploited. This has a network attack vector and does not require any user interaction. It does require the attacker to have basic user privileges to exploit. An attacker that successfully uses this exploit would run a malicious script that would execute an RPC call that would allow them to run code as a privileged account.
CVE-2023-21732: This Remote Code Execution Vulnerability uses the Open Database Connectivity (ODBC). It has a network attack vector and requires no privileges to execute. Luckily this does require a user to connect to a malicious SQL server. An attacker that gets a user to connect would be able to remotely execute code on the system. This exploit is also rated as an 8.8.
The first patch Tuesday of the new year is in the books, and so far, it’s not looking bad. Under 100 total vulnerabilities is nice. One thing making it a bit more risky than normal is all the already exploited and known threats are tied to the highest CVSS scores. It might be wise to get patched as quickly as you can on this one.
If your New Year’s Resolution is to spend less time patching your systems, I have some fantastic news for you. PDQ Deploy and PDQ Inventory can help you get all this automated, so you hardly need to pay attention to patching. Feels good to crush those resolutions.
Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet while drinking most Thursdays on the PDQ webcast.