Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

The January 2023 Patch Tuesday comes with a whopping 98 updates

8 min. read

Updated onOctober 4, 2023

updated onOctober 4, 2023

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

The holidays are over and here we are, kicking off a new year of prosperity and possibilities. We hope you feel refreshed after your vacation because there’s a lot to catch up on.

As you know, it’s the second Tuesday of the month, which means that Windows users are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve taken the liberty of providing thedirect download linksfor the cumulative updates released today for Windows 7, 8.1, 10, and 11, but now it’s time to talk CVEs again.

For January, Microsoft released 98 new patches, which is a lot more than some people were expecting right at the start of 2023.

These software updates address CVEs in:

Microsoft released 98 new important security patches

Microsoft released 98 new important security patches

Seeing how December 2022 was a pretty light month in terms of security patches, developers had to pick up the slack in January, which is exactly what happened.

You might like to know that, out of the 98 new CVEs released, 11 are rated Critical and 87 are rated Important in severity.

Also, keep in mind that this volume is the largest we’ve seen from Microsoft for a January release in quite some time.

Out of all these vulnerabilities addressed this month, only one is listed as publicly known, and one is listed as being in the wild at the time of release.

Note that these types of bugs are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link.

Let’s take a closer look at the full list of CVEs released by Microsoft for January 2023:

Taking a closer look at the remaining Critical-rated fixes, there are two patches for Cryptographic Services, but we can classify them as more of privilege escalations rather than RCEs.

Furthermore, there are five patches for the Layer 2 Tunneling Protocol (L2TP), which was introduced back in Windows 2000.

Looking at the 25 code execution bugs fixed in this Patch Tuesday rollout, there are 14 fixes for the 3D Builder component.

There are also two fixes for SharePoint for RCE bugs that require authentication. However, every user by default has the permissions required to exploit these bugs.

We’re also looking at a couple of SQL-related fixes. Know that an attacker can execute code if they can convince an authenticated user into attempting to connect to a malicious SQL server via ODBC.

We also have to mention the fixes for 11 different information disclosure bugs this month, and seven of these merely result in info leaks consisting of unspecified memory contents.

This January release fixes 10 different Denial-of-Service (DoS) bugs, but Microsoft provides no real detail about these bugs, so it isn’t clear if successful exploitation results in the service stopping or the system crashing.

Two spoofing bugs in the Exchange server also received critical fixes, although the descriptions imply a different impact.

While one notes that successful exploitation could disclose NTLM hashes, the other is about an authenticated attacker could achieve exploitation given a Powershell remoting session to the server.

Nonetheless, make sure you update your Exchange server to ensure you remediate the multiple bugs being fixed this month.

Have you found any other issues after installing this month’s security updates? Share your experience with us in the comments section below.

More about the topics:patch tuesday

Alexandru Poloboc

Tech Journalist

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host.

A certified gadget freak, he always feels the need to surround himself with next-generation electronics.

When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Alexandru Poloboc

Tech Journalist

With a desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter.