Microsoft releases 98 fixes this month including 11 Critical, one Public Aware and one Weaponised Threat
Of these, 11 are rated Critical and 87 are rated Important. Microsoft Windows, Office, .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler Components and Microsoft Exchange Server have all received fixes this month.
Robert Brown, Head of Customer Success for Syxsense, said, “We are starting the year with almost 100 bugs being fixed. Last month in December there were no Preview updates available, which means Microsoft would not have had the same level of testing they usually would have liked, so we recommend taking the first deployment of this year as carefully as possible — additional internal testing should be conducted to ensure your end users do not suffer. You will also notice 14 (fourteen) 3D Builder Remote Code Execution Vulnerability fixes have been added to the release notes; however, Microsoft has yet to release the fixes for them so keep an eye on these, as they could indicate problems with testing.”
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend that customers enter the CVE numbers below into their patch management solution and deploy as soon as testing is complete.
CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
This vulnerability affects a large part of the Microsoft operating system estate, from Windows 8.1 to Windows 11 on workstations and from Windows 2012 R2 to 2022 20H2 on servers. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. Because it is both actively exploited and has a Jump Point, this should be your number 1 priority.
Note: The vulnerability is Weaponised and has a Jump Point
Syxscore
Vendor Severity: Important
CVSS: 8.8
Weaponised: Yes
Public Aware: No
Countermeasure: No
Syxscore Risk
Attack Vector: Network
Attack Complexity: Low
Privileges: None
User Interaction: Required
Scope (Jump Point): Changed / Yes
CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability
Although Microsoft states this vulnerability is less likely to be used in an attack, the exact steps to exploit it can be found on the internet. If it were exploited, an attacker could execute RPC functions that are restricted to privileged accounts only, hence the CVSS score of 8.8.
Note: The vulnerability is Public Aware
Syxscore
Vendor Severity: Important
CVSS: 8.8
Weaponised: No
Public Aware: Yes
Countermeasure: No
Syxscore Risk
Attack Vector: Network
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Unchanged / No
CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM. The AppContainer environment is considered a defensible security boundary, so any process that can bypass the boundary is considered a change in Scope (what we call a Jump Point). The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.
Note: The vulnerability has a Jump Point
Syxscore
Vendor Severity: Critical
CVSS: 8.8
Weaponised: No
Public Aware: No
Countermeasure: No
Syxscore Risk
Attack Vector: Local
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Changed / Yes
Syxsense Cortex Workflows are being set up to remediate all of January’s patches with the click of a button.
Microsoft’s January Patch Tuesday Fixes
Reference | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Additional Information |
CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important | 8.8 | No | Yes | No | Scope = Changed / Jump Point = True. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. |
CVE-2023-21549 | Windows Workstation Service Elevation of Privilege Vulnerability | Important | 8.8 | Yes | No | No | An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only. |
CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | No | Scope = Changed / Jump Point = True |
CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | |
CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | In a network-based attack an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server. |
CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | In a network-based attack, an authenticated attacker as at least a Site Member could execute code remotely on the SharePoint Server. |
CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | |
CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | |
CVE-2023-21543 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
CVE-2023-21546 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
CVE-2023-21555 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
CVE-2023-21556 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
CVE-2023-21679 | Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
CVE-2023-21535 | Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
CVE-2023-21548 | Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | |
CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | No | This vulnerability’s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. |
CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | No | |
CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Identified by Microsoft Offensive Research and Security Engineering (MORSE). |
CVE-2023-21730 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | These updates are not available immediately and will be provided shortly. |
CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Exploitation More Likely |
CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Exploitation More Likely |
CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | ||
CVE-2023-21538 | .NET Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21757 | Windows Layer 2 Tunnelling Protocol (L2TP) Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2023-21779 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.3 | No | No | No | |
CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | Important | 7.1 | No | No | No | |
CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | |
CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important | 7 | No | No | No | An attacker who successfully exploited this vulnerability could elevate their privileges and gain control over the Service Fabric cluster. This vulnerability does not allow the attacker to elevate privileges outside of the compromised cluster. |
CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | Important | 7 | No | No | No | Exploitation More Likely |
CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | Important | 6.8 | No | No | No | A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. |
CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | Important | 6.6 | No | No | No | A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. |
CVE-2023-21725 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | |
CVE-2023-21559 | Windows Cryptographic Services Information Disclosure Vulnerability | Important | 6.2 | No | No | No | |
CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical | 5.3 | No | No | No | Exploitation More Likely |
CVE-2023-21525 | Windows Encrypting File System (EFS) Denial of Service Vulnerability | Important | 5.3 | No | No | No | |
CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | Important | 5.3 | No | No | No | |
CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |
CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | Important | 4.7 | No | No | No | |
CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important | 3.3 | No | No | No | An attacker who successfully exploited this vulnerability could gain access to data related to FIDO keys managed on a vulnerable system. |