January 2023 : Microsoft Patch Tuesday Review

Microsoft Patch Tuesday

Today is the second Tuesday of January 2023 and it’s Time to check out the latest security updates from Microsoft.

Today (10/01/2023) is the second Tuesday of this month and as part of the Microsoft patch Tuesday, January 2023 the company has released a bunch of cumulative updates to resolve vulnerabilities in its operating systems and other products, like the Microsoft Office productivity suite, while also addressing a series of other bugs related to performance and usability. Let’s look at the highlights from this month’s Windows security Patch Tuesday:

What is Patch Tuesday?
Patch Tuesday, the colloquial term for Microsoft’s Update Tuesday that falls on second Tuesday of every month. 

Patch Tuesday, January 2023

Today’s patch comes with fixes for six publicly exploited zero-day vulnerabilities and a total of 98 flaws. Where eleven flaws are classified as ‘Critical’ as they allow privilege elevation, spoofing, or remote code execution, 87 are rated as important in severity.

Table of Contents
    Add a header to begin generating the table of contents

    As per the release notes, the January 2023 patch fixed 39 Elevation of Privilege security issues, 4 security Feature Bypass Vulnerabilities, 33 Remote Code Execution bugs, 10 Information Disclosure vulnerabilities, 10 Denial of Service Vulnerabilities and 2 Spoofing Vulnerabilities.

    January 2023 Patch Tuesday comes with fixes for 98 vulnerabilities, including 1 zero days

    Microsoft Patches for January 2023

    Let’s take a closer look at some of the more interesting updates for this month,

    CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability allows a local attacker to escalate privileges from sandboxed execution inside Chromium to kernel-level execution and full SYSTEM privileges.

    When exploited, an attacker can leverage the vulnerability to break out of the sandbox in Chromium and gain kernel-level execution privileges.

    CVE-2023-21743 – Microsoft SharePoint Server Security Feature Bypass Vulnerability This bug could allow a remote, unauthenticated attacker to make an anonymous connection to an affected SharePoint server.

    CVE-2023-21763/CVE-2023-21764 – Microsoft Exchange Server Elevation of Privilege Vulnerability 

    CVE-2023-21674 – Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability this is a Sandbox escape vulnerability that can lead to the elevation of privileges.

    An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft’s advisory

    Update for windows client versions

    The following client versions of Windows have known issues: Windows 7, Windows 8.1, Windows 10, Windows 11

    • Windows 7 (extended support only): 40 vulnerabilities: 8 critical and 35 important.
    • Microsoft Cryptographic Services Elevation of Privilege Vulnerability — CVE-2023-21730
    • Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21679
    • Microsoft Cryptographic Services Elevation of Privilege Vulnerability — CVE-2023-21561
    • Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21556
    • Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21555
    • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-21548
    • Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21543
    • Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21546
    • Windows 8.1: 48 vulnerabilities: 9 critical and 39 important.
    • All eight security issues listed under Windows 7, plus
    • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-21535
    • Windows 10:  63 vulnerabilities, 10 critical and 53 important.
    • Microsoft Cryptographic Services Elevation of Privilege Vulnerability — CVE-2023-21551
    • Windows 11: 64 vulnerabilities, 10 critical and 54 important.

    Recent updates from other companies

    Third-party vendors such as Citrix, Fortinet, Google, Cisco, and SAP have released updates since last month’s Patch Tuesday.

    Windows security updates January 2023

    The 10 January 2023 (Patch Tuesday) windows security updates are the following:

    • KB5022303 (OS Build 22621.1105) for the latest windows 11 version 22H2
    • KB5022287 (OS Build 22000.1455) for the latest windows 11 version 21H2
    • KB5022282 (OS Builds 19045.2486) for the latest windows 10 version 21H2
    • KB5022286 (OS Build 17763.3887) for the latest Windows 10 version 1809
    • Windows 7 and server 2008 R2 Monthly Rollup: KB5022338 and Security-Only: KB5022339
    • Windows 8.1 and server 2012 R2 Monthly Rollup: KB5022352 and Security-only: KB5022346

    All these updates only include minor patches and security fixes, rather than any new features.

    Note: Windows 11 was released with a number of new features and improvements as a free upgrade for eligible Windows 10 devices. Here is how to upgrade to windows 11 for free.

    Windows 7

    Both monthly and security-only updates

    • Authentication may fail if the “higher 16-bits of the msds-SupportedEncryptionTypes attribute” are set.
    • Resolved the Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) that could cause connections to fail.

    Windows 8.1

    Both monthly and security-only updates, bring the same changelog as windows 7.

    • Microsoft displays a modal dialog that informs Home users about the end of support. The message does not appear on managed devices that run Windows 8.1 Pro or Enterprise.
    • Authentication may fail if the “higher 16-bits of the msds-SupportedEncryptionTypes attribute” are set.
    • Resolved the Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) that could cause connections to fail.

    Windows 10

    • Resolved the Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) that could cause connections to fail.
    • Fixed a startup issue that could throw the error 0xc000021a and have a blue screen.
    • Fixed an issue in Local Session Manager that could allow users to perform actions that only administrators can.

    Windows 11

    • Resolved the Microsoft Open Database Connectivity (ODBC) SQL Server Driver (sqlsrv32.dll) that could cause connections to fail.
    • Fixed a startup issue that could throw the error 0xc000021a and have a blue screen.
    • Fixed an issue in Local Session Manager that could allow users to perform actions that only administrators can.

    Microsoft Security update download

    All these Windows 10 January 2023 Patch Tuesday updates are automatically downloaded and installed via windows update. Or you force Windows update from settings, update & security check for updates to install the latest patch updates immediately.

    Windows update

    Windows 11 KB5022303 (Version 22H2) offline installer Direct Download Link 64-bit.

    Windows 11 KB5022287 (Version 21H2) offline installer Direct Download Link 64-bit.

    Windows 10 KB5022282 (For versions 21H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).

    Windows 10 KB5021237 (for version 1809) Offline Download links

    If you are Looking for Windows 10 version 22H2 ISO image click here.

    Or Check How to Upgrade to Windows 10 version 22H2 Using the media creation tool

    If you face any difficulty while installing these updates, Check Windows 10 Update troubleshooting guide to fix the windows 10 Cumulative update KB5022282 stuck downloading, failed to install with different errors, etc.

    Note: New Windows Security Updates are available for Windows 7 and 8.1 as well, read the changelog here.

    FAQ on Patch Tuesday update

    What is Patch Tuesday?
    Patch Tuesday is the colloquial term for Microsoft’s Update Tuesday which falls on the second Tuesday of every month.

    When is Patch Tuesday?
    Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on January 10, 2023.

    What is patching and why is it important?
    Patches are nothing but pieces of software code that are written to fix a bug in a software application, that might lead to a vulnerability.

    What kind of patch updates are released during Patch Tuesday?
    Predominantly security patch updates of varying severity like Critical, Important, Moderate & Low are labeled and released.

    What are CVE IDs?
    CVE ID – Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and cataloged in the National Vulnerability Database (NVD).

    Also Read

    2 thoughts on “January 2023 : Microsoft Patch Tuesday Review”

    1. Michelle Ford

      I only have a basic-moderate understanding of dos/software/updates. It normally only takes about an hour for me to find a fix.
      I am unable to locate the update patch to fix 2021-05 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB5003173) for OS build 19041.630.
      I am getting an error message: “Your device is missing important security and quality fixes.” (0x80073701).
      I am now getting rather frustrated, as I have literally spent over 5 hours searching the web and have followed a multitude of “fixes” and none have worked, including the manual download of the update from https://www.catalog.update.microsoft.com/home.aspx .
      Inability to successfully install this update (after it says 100% installed), is preventing the installation of the Windows 10 version 20H2 update (which is automatically showing the same error).
      I live off grid, in a remote rural area and unable to get technical assistance readily. Would appreciate assistance.

      1. Steve Ballmer

        Have you tried to install windows updates on clean boot?
        Clean boot fix the problem if any third-party service conflict prevents apply these updates.

        In addition, make sure to disable third-party antivirus, disconnect VPN (If configured), Check you have enough free disk space,

        Disconnect the internet connection and try install the offline package.

        Let us know if need more help, feel free to contact admin@windows101tricks.com

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    Related posts

    Scroll to Top