December Patch Tuesday Update 2022

December Patch Tuesday Update 2022

Watch our December Patch Tuesday 2022 webcast for all the details on the most important vulnerabilities of the month.

Microsoft releases 98 fixes this month including 11 Critical, one Public Aware and one Weaponised Threat

There are 11 Rated Critical and 87 are rated Important. Microsoft Windows, Office, NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows Defender, Windows Print Spooler Components and Microsoft Exchange Server have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense said, “We are starting the year with almost 100 bugs being fixed. Last month in December there were no Preview updates available, which means Microsoft would not have had the same level of testing they would usually would have liked, so we recommend taking the first deployment of this year as carefully as possible — additional internal testing should be conducted to ensure your end users do not suffer. You will also notice 14 (fourteen) 3D Builder Remote Code Execution Vulnerability fixes have been added to the release notes; however, Microsoft has yet to release the fixes for them so keep an eye on these, as they could indicate problems with testing.”

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.

CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

This vulnerability has a large coverage of the Microsoft operating system estate from Windows 8.1 to Windows 11 on workstations and Windows 2012 R2 to 2022 20H2 on servers. A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges. Combined with both being actively exploited and having a Jump Point, this should be your number 1 priority.

Note: The vulnerability is Weaponised and has a Jump Point

Syxscore
Vendor Severity: Important
CVSS: 8.8
Weaponised: Yes
Public Aware: No
Countermeasure: No

Syxscore Risk
Attack Vector: Network
Attack Complexity: Low
Privileges: None
User Interaction: Required
Scope (Jump Point): Changed / Yes

CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability

Although Microsoft states this vulnerability is less likely to be used in an attack, the exact steps to follow to exploit this vulnerability can be found on the internet. If that could happen, an attacker could execute RPC functions that are restricted to privileged accounts only hence the CVSS score of 8.8.

Note: The vulnerability is Public Aware

Syxscore
Vendor Severity: Important
CVSS: 8.8
Weaponised: No
Public Aware: Yes
Countermeasure: No

Syxscore Risk
Attack Vector: Network
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Unchanged / No

CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability

A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM. The AppContainer environment is considered a defensible security boundary therefore any process that can bypass the boundary is considered a change in Scope (what we call a Jump Point). The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.

Note: The vulnerability has a Jump Point

Syxscore
Vendor Severity: Critical
CVSS: 8.8
Weaponised: No
Public Aware: No
Countermeasure: No

Syxscore Risk
Attack Vector: Local
Attack Complexity: Low
Privileges: Low
User Interaction: None
Scope (Jump Point): Changed / Yes

Syxsense Cortex Workflows are being set up to remediate all of January’s patches with the click of a button.

If you would like to see how Syxsense can help you automate your patch remediation process, click to schedule a customized demo.

Microsoft’s January Patch Tuesday Fixes

Reference Description Vendor Severity CVSS Score Publicly Aware Weaponised Countermeasure Additional Information
CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important 8.8 No Yes No Scope = Changed / Jump Point = True
A local user can trigger memory corruption and execute arbitrary code with SYSTEM privileges.
CVE-2023-21549 Windows Workstation Service Elevation of Privilege Vulnerability Important 8.8 Yes No No An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only.
CVE-2023-21561 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 8.8 No No No Scope = Changed / Jump Point = True
CVE-2023-21732 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 No No No
CVE-2023-21744 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No In a network-based attack an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server.
CVE-2023-21742 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No No In a network-based attack, an authenticated attacker as at least a Site Member could execute code remotely on the SharePoint Server.
CVE-2023-21681 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No No
CVE-2023-21676 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Important 8.8 No No No
CVE-2023-21543 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21546 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21555 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21556 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21679 Windows Layer 2 Tunnelling Protocol (L2TP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21535 Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21548 Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability Critical 8.1 No No No
CVE-2023-21762 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No No This vulnerability’s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.
CVE-2023-21745 Microsoft Exchange Server Spoofing Vulnerability Important 8 No No No
CVE-2023-21551 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Critical 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Identified by Microsoft Offensive Research and Security Engineering (MORSE).
CVE-2023-21730 Windows Cryptographic Services Remote Code Execution Vulnerability Critical 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21780 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21781 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21782 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21784 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21786 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21791 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21793 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21783 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21785 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21787 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21788 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21789 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21790 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21792 3D Builder Remote Code Execution Vulnerability Important 7.8 No No No These updates are not available immediately and will be provided shortly.
CVE-2023-21724 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21764 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21763 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21537 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21734 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21735 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21736 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21737 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2023-21768 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21726 Windows Credential Manager User Interface Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21558 Windows Error Reporting Service Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.
CVE-2023-21552 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Exploitation More Likely
CVE-2023-21755 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21754 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21747 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21748 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21749 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21772 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21773 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21774 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21675 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21524 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2023-21746 Windows NTLM Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21767 Windows Overlay Filter Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21765 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21678 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21541 Windows Task Scheduler Elevation of Privilege Vulnerability Important 7.8 No No No Exploitation More Likely
CVE-2023-21680 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No
CVE-2023-21538 .NET Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21547 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21761 Microsoft Exchange Server Information Disclosure Vulnerability Important 7.5 No No No
CVE-2023-21539 Windows Authentication Remote Code Execution Vulnerability Important 7.5 No No No
CVE-2023-21683 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21677 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21758 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21527 Windows iSCSI Service Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21757 Windows Layer 2 Tunnelling Protocol (L2TP) Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21557 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21728 Windows Net logon Denial of Service Vulnerability Important 7.5 No No No
CVE-2023-21779 Visual Studio Code Remote Code Execution Vulnerability Important 7.3 No No No
CVE-2023-21741 Microsoft Office Visio Information Disclosure Vulnerability Important 7.1 No No No
CVE-2023-21738 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.1 No No No
CVE-2023-21752 Windows Backup Service Elevation of Privilege Vulnerability Important 7.1 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21750 Windows Kernel Elevation of Privilege Vulnerability Important 7.1 No No No
CVE-2023-21760 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.1 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21531 Azure Service Fabric Container Elevation of Privilege Vulnerability Important 7 No No No An attacker who successfully exploited this vulnerability could elevate their privileges and gain control over the Service Fabric cluster. This vulnerability does not allow the attacker to elevate privileges outside of the compromised cluster.
CVE-2023-21733 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important 7 No No No
CVE-2023-21739 Windows Bluetooth Driver Elevation of Privilege Vulnerability Important 7 No No No
CVE-2023-21532 Windows GDI Elevation of Privilege Vulnerability Important 7 No No No Exploitation More Likely
CVE-2023-21542 Windows Installer Elevation of Privilege Vulnerability Important 7 No No No
CVE-2023-21771 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Important 7 No No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-21563 BitLocker Security Feature Bypass Vulnerability Important 6.8 No No No A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
CVE-2023-21560 Windows Boot Manager Security Feature Bypass Vulnerability Important 6.6 No No No A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
CVE-2023-21725 Microsoft Windows Defender Elevation of Privilege Vulnerability Important 6.3 No No No
CVE-2023-21559 Windows Cryptographic Services Information Disclosure Vulnerability Important 6.2 No No No
CVE-2023-21753 Event Tracing for Windows Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21540 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21550 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21776 Windows Kernel Information Disclosure Vulnerability Important 5.5 No No No
CVE-2023-21743 Microsoft SharePoint Server Security Feature Bypass Vulnerability Critical 5.3 No No No Exploitation More Likely
CVE-2023-21525 Windows Encrypting File System (EFS) Denial of Service Vulnerability Important 5.3 No No No
CVE-2023-21682 Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability Important 5.3 No No No
CVE-2023-21536 Event Tracing for Windows Information Disclosure Vulnerability Important 4.7 No No No
CVE-2023-21766 Windows Overlay Filter Information Disclosure Vulnerability Important 4.7 No No No
CVE-2023-21759 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Important 3.3 No No No An attacker who successfully exploited this vulnerability could gain access to data related to FIDO keys managed on a vulnerable system.

Go to Top