After a light December, IT and security teams have their work cut out for them as we enter 2023 with nearly 100 vulnerabilities patched by Microsoft in the first Patch Tuesday of the new year.
In our most recent Patch Tuesday Release Blog, 98 vulnerabilities were reported, 11 of which are critical, and 1 is being actively exploited. Highlights we’ve shared, include:
- IT and security teams should prioritize CVE-2023-21674, an important and actively exploited zero-day vulnerability in Windows Advanced Local Procedure Call (ALPC) that allows for elevation to full system privileges when exploited.
- Automox recommends that CVE-2023-21552 and CVE-2023-21532 should be remediated quickly as these vulnerabilities allow for elevation to SYSTEM privileges due to a weakness in Windows GDI.
- If you still use Windows 7 Pro or Enterprise (along with 8.1), Extended Security Updates (ESU) end today. We’d strongly recommend decommissioning these operating systems if you haven’t already as they’ll no longer see critical and important vulnerabilities patched by Microsoft moving forward.
And, don’t forget to bookmark our Patch Tuesday Rapid Response Center for easy access to our month-by-month patch index.