En enero, Adobe lanzó cuatro parches que abordaban 29 CVE en Adobe Acrobat y Reader, InDesign, InCopy y Adobe Dimension. Un total de 22 de estos errores se registraron utilizando el programa ZDI. La actualización de Reader corrige 15 errores, ocho de los cuales están clasificados como críticos en cuanto a su gravedad. La vulnerabilidad más grave podría permitir la ejecución de código arbitrario si un sistema afectado abre un archivo especialmente diseñado.
El parche de InDesign corrige seis errores, cuatro de los cuales se clasifican como críticos. Al igual que con el parche de Reader, abrir un archivo malicioso puede provocar la ejecución de código. Lo mismo ocurre con InCopy, que también recibió correcciones para seis CVE. La actualización de Dimension solo aborda los dos CVE, pero las correcciones también incluyen actualizaciones de las dependencias de SketchUp. La versión anterior tiene una marca de tiempo del 22 de febrero, mientras que la versión lanzada hoy tiene una marca de tiempo del 9 de noviembre. Este mes, ningún error corregido de Adobe parece haber reconocido o atacado activamente abiertamente. Adobe clasificó estas actualizaciones como clasificación de prioridad. Parche de enero de 2023 de Microsoft
Este mes, Microsoft lanzó 98 nuevos parches que abordan CVE en Microsoft Windows y componentes de Windows; Oficina y componentes de oficina; .NET Core y Visual Studio Code, 3D Builder, Azure Service Fabric Containers, Windows BitLocker, Windows Defender, componentes de Windows Print Spooler y Microsoft Exchange Server. Un total de 25 de estos CVE se enviaron a través del programa ZDI. De los 98 nuevos parches lanzados hoy, 11 fueron calificados como críticos y 87 como críticos. Esa cantidad es el mayor lanzamiento de enero que hemos visto de Microsoft en mucho tiempo. Será interesante ver si este volumen de enmienda continuará durante todo el año.
Uno de los nuevos CVE, que se descubrió este mes se muestra como conocido públicamente, y uno figura como en la naturaleza en el momento del lanzamiento. Echemos un vistazo más de cerca a algunas de las actualizaciones más interesantes de este mes, comenzando con las vulnerabilidades más explotadas:
| CVE | Title | Severity | CVSS | Public | Exploited | Tupe |
| CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important | 8.8 | No | Yes | EoP |
| CVE-2023-21549 | Windows Workstation Service Elevation of Privilege Vulnerability | Important | 8.8 | Yes | No | EoP |
| CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | EoP |
| CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical | 7.8 | No | No | EoP |
| CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Critical | 8.2 | No | No | SFB |
| CVE-2023-21730 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical | 7.8 | No | No | EoP |
| CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2023-21538 | .NET Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | Important | 6.8 | No | No | SFB |
| CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 4.7 | No | No | Info |
| CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | Important | 7.5 | No | No | Info |
| CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | Spoofing |
| CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | Spoofing |
| CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | Important | 7.1 | No | No | Info |
| CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE |
| CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-21725 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important | 6.3 | No | No | EoP |
| CVE-2023-21779 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.3 | No | No | RCE |
| CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE |
| CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | Important | 7.1 | No | No | EoP |
| CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | Important | 6.6 | No | No | SFB |
| CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-21559 | Windows Cryptographic Services Information Disclosure Vulnerability | Important | 6.2 | No | No | Info |
| CVE-2023-21525 | Windows Encrypting File System (EFS) Denial of Service Vulnerability | Important | 5.9 | No | No | DoS |
| CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.1 | No | No | EoP |
| CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | Important | 4.7 | No | No | Info |
| CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | Important | 5.3 | No | No | Info |
| CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.1 | No | No | EoP |
| CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Important | 3.3 | No | No | SFB |
| CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
Fuente:
Zero Day Initiative — The January 2023 Security Update Review