The patch relates to several products, roles, and features such as Microsoft core drivers, Office, and Exchange Server, as well as multiple Windows core components like Bitlocker, Installer, and Point-to-Point Tunneling Protocol. According to StatCounter, Windows 8.1 and 7 still accounted for almost 14% of Windows installs worldwide at the end of 2022. If unaddressed, such flaws could allow hackers to bypass security features, execute code remotely, and crack administrator access privileges. Such events, in turn, could bring down entire organizations still using outdated operating systems. In the first “Patch Tuesday” event in this new year, Microsoft said eleven of the fixed flaws were critical. Patch Tuesday (or Update Tuesday) is a popular term used to describe a period when big software vendors like Oracle, Adobe, Cisco, Microsoft, and others put out fixes simultaneously for their products.
U.S. Cybersecurity Agency Sounds Alarm
On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the now publicly known and extremely dangerous zero-day bug to its vulnerability catalog. It also said the rest of the vulnerabilities Microsoft addressed in its 2023 security update were also a risk. “An attacker could exploit some of these vulnerabilities to take control of an affected system,” CISA said in their alert. CISA said users and administrators should review the Microsoft report and deployment information to install the updates on their systems as soon as possible. The U.S. National Security Agency (NSA) also reported CVE-2023-21678, a dangerous bug affecting the Microsoft Print Spooler service. Other than these, the Microsoft report has classified 39 elevations of privilege, four security feature bypasses, 33 remote code executions, and more vulnerabilities. Microsoft is currently rolling out updates for its products and sister products operated by other companies via the official Windows Update service.
The Dangerous Zero-Day Exploit
Among the list of vulnerabilities lies a zero-day flaw — a type of software vulnerability that has no existing fix known to developers. A zero-day exploit is when that vulnerability is being exploited for malicious purposes. The zero-day exploit affects the Windows Advanced Local Procedure Call (ALPC) filed under CVE-2023-21674 that “could lead to a browser sandbox escape,” and a hacker “who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said. A browser sandbox is how browsers protect online users from malware and malicious code by keeping detected malicious elements that may arise on websites boxed in a safe area. This exploit allows malicious code to escape the safe zone. “A wide range of Windows versions was affected, including the latest Windows 10 and Windows 11 builds,” Avast Threat Labs tweeted Wednesday. The original zero-day was “most likely chained with a separate Chrome renderer RCE exploit, which we unfortunately did not manage to recover,” Avast added.
Risks of Running Windows 8.1 or 7
This week marked the end of security updates and support for Windows 8.1 and 7. Windows users that don’t update to Windows 11 or 10 will become vulnerable to the ever-evolving security threat landscape. “If you have devices running Windows 8.1, we recommend upgrading them to a more current, in-service, and supported Windows release,” Microsoft said. Zero-day flaws and exploits can be high-risk to organizations, especially small businesses. In March 2022, the Spring4Shell zero-day flaw — its name inspired by the infamous Log4Shell exploit — could have also affected hundreds of thousands of targets. To defend yourself or your organization from sweeping software vulnerabilities, there are a few steps you can take. First and most importantly of all, keep all of your software updated at all times. This means either manually applying updates per vendor instructions or enabling automatic updates if and wherever possible. This is a key part of your cyber hygiene. Secondly, it is vital to use a high-quality antivirus suite on your devices that can pick up and quarantine or eradicate threats before they compromise your device or your sensitive information.
