Microsoft Patch Tuesday: Microsoft has released updates addressing a large number of software vulnerabilities, including a zero-day that was being actively exploited to escape browser sandbox protections.
The zero-day, reported by antivirus vendor Avast, was used in real-world attacks to gain elevated privileges and defeat the isolation that the browser's sandbox is meant to provide.
Microsoft has said little about the vulnerability or the attacks. Its advisory acknowledges the bug, marks it as "Exploitation Detected" and assigns it the identifier CVE-2023-21674, but offers no further details and no indicators that defenders could use to check for compromise.
Latest Patch Tuesday explained
The exploited zero-day, CVE-2023-21674, is an elevation-of-privilege flaw in the Windows Advanced Local Procedure Call (ALPC) component; an attacker who successfully exploits it can gain SYSTEM-level privileges.
The company also highlighted a flaw in the Windows SMB Witness Service, tracked as CVE-2023-21549. According to Microsoft, an attacker could exploit it by running a specially crafted malicious script that makes an RPC call to an RPC host, resulting in privilege escalation on the server: the attacker could then execute RPC functions that are restricted to privileged accounts.
Beyond these two, the release addresses multiple vulnerabilities across a broad range of Windows operating system versions and components, including code execution, denial-of-service and privilege escalation flaws.
Microsoft has also fixed security issues in its flagship Office productivity suite, the .NET Core and Visual Studio Code development environments, Microsoft Exchange Server, the Windows Print Spooler, Windows Defender and Windows BitLocker.
Microsoft's patches arrived on the same day that other major software makers, including Adobe and Zoom, issued updates for multiple security vulnerabilities in their own products.
Adobe, for example, released fixes for at least 29 vulnerabilities in its enterprise-facing products. The most notable update is for the widely used Adobe Acrobat and Reader software, which addresses critical-severity flaws that expose Windows and macOS users to code execution attacks.
Zoom, the video conferencing vendor, also released patches for vulnerabilities in its enterprise-facing Zoom Rooms product that could be exploited for privilege escalation on both Windows and macOS.
End of line for Windows 7
With this Patch Tuesday, Windows 7 has reached the end of all support from Microsoft. Users of Windows 7 must either upgrade to a supported version or accept the risk of running an operating system that will no longer receive security fixes.
Regular support for Windows 7 ended on January 14, 2020. Microsoft then sold Extended Security Updates (ESU) for legacy systems that could not easily be migrated, such as hospital scanning equipment, but that program ended on January 10, 2023.
It is unclear how many Windows 7 machines are still in use, but some estimates place the number at around 10% of desktop computers. Without Extended Security Updates, Windows 7 will continue to function but will not receive patches for newly discovered vulnerabilities.
Windows 8.1, the successor to Windows 7, also reached its end of support on January 10, 2023. Microsoft is not offering Extended Security Updates for Windows 8.1, most likely because of its low usage: many users skipped it and moved directly from Windows 7 to Windows 10.
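The practical follow-up to the end-of-support dates above is finding out which machines in a fleet still run Windows 7 or 8.1, and whether they are still getting updates at all. The PowerShell below is an added example, not code from the article or from Microsoft. It relies on two facts: Windows 7 reports kernel version 6.1, Windows 8 reports 6.2 and Windows 8.1 reports 6.3 (Windows 10 and 11 both report 10.0), and Win32_OperatingSystem exposes a ProductType of 1 for workstations. The ProductType check matters because Windows Server 2008 R2 and 2012 R2 share the 6.1 and 6.3 version numbers with the client releases but have their own support lifecycles. The host names, the 45-day "stale" threshold and the assumption of CIM/WMI access to the listed hosts are all placeholders.

```powershell
# Added example: flag end-of-life client Windows versions and hosts with no recent hotfix.
# Assumes CIM (WinRM) and WMI access to each host; host names below are placeholders.
function Get-EolWindowsHosts {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$StaleDays = 45   # assumed threshold: no hotfix installed in this many days
    )

    # Client releases that no longer receive security updates, keyed by major.minor version.
    $eolClients = @{
        '6.1' = 'Windows 7 (ESU ended 2023-01-10)'
        '6.2' = 'Windows 8 (support ended 2016-01-12)'
        '6.3' = 'Windows 8.1 (support ended 2023-01-10)'
    }

    foreach ($name in $ComputerName) {
        try {
            $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $name -ErrorAction Stop
            $lastFix = Get-HotFix -ComputerName $name -ErrorAction SilentlyContinue |
                Where-Object InstalledOn |
                Sort-Object InstalledOn -Descending |
                Select-Object -First 1
        } catch {
            Write-Warning "$name unreachable: $($_.Exception.Message)"
            continue
        }

        # Version is "major.minor.build"; only the first two parts identify the release family.
        $family = ($os.Version -split '\.')[0..1] -join '.'

        # ProductType 1 = workstation. Servers (2, 3) with the same version number
        # (e.g. Server 2012 R2 = 6.3) have a different lifecycle and are not flagged here.
        $isEolClient = ($os.ProductType -eq 1) -and $eolClients.ContainsKey($family)

        [pscustomobject]@{
            ComputerName = $name
            Caption      = $os.Caption
            Version      = $os.Version
            EndOfLife    = $isEolClient
            Note         = if ($isEolClient) { $eolClients[$family] } else { '' }
            LastHotfix   = $lastFix.InstalledOn
            StalePatches = (-not $lastFix) -or ($lastFix.InstalledOn -lt (Get-Date).AddDays(-$StaleDays))
        }
    }
}

# Placeholder host names; replace with names from your inventory or AD.
Get-EolWindowsHosts -ComputerName 'ws-lab-01', 'ws-lab-02' | Format-Table -AutoSize
```

Get-HotFix only lists updates recorded by Windows Update and MSI-based installers, so a host serviced by a third-party tool may show a stale date even when it is current; treat StalePatches as a prompt to check, not as proof of a missing patch. Machines reported as EndOfLife need no such check: nothing in the January release applies to them.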