Microsoft has released 98 security patches in its January 2023 Patch Tuesday release. One of the fixes is for CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability). The vulnerability is rated critical, and Microsoft observed it being exploited in the field. It has a CVSS score of 8.8.

Why is this Significant?
This is significant because Microsoft observed CVE-2023-21674 being exploited as a 0-day, so the patch should be applied as soon as possible. Because CVE-2023-21674 is a local privilege escalation vulnerability, attackers need to either chain the exploit for CVE-2023-21674 with other exploit(s) or have already gained access to the victim’s network, which lowers the severity.

What is CVE-2023-21674?
CVE-2023-21674 is a Local Privilege Escalation vulnerability in Windows Advanced Local Procedure Call (ALPC), which attackers can exploit for a browser sandbox escape to gain SYSTEM privileges on vulnerable systems.

Has the Vendor Released an Advisory?
Yes, Microsoft released an advisory. See the Appendix for a link to “Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability”.

Has the Vendor Released a Patch for CVE-2023-21674?
Yes, Microsoft released a patch for CVE-2023-21674 as part of January Patch Tuesday on January 10, 2023.

What is the Status of Protection?
FortiGuard Labs has released the following IPS signature for CVE-2023-21674 in version 22.472 on January 10th, 2023:
MS.Windows.ALPC.CVE-2023-21674.Privilege.Elevation (default action is set to “pass”)
phoronix-test-suite-10.8.4-2.el8
FEDORA-EPEL-2023-be2f5c557d
Packages in this update:
phoronix-test-suite-10.8.4-2.el8
Update description:
Security fix for CVE-2022-40704
phoronix-test-suite-10.8.4-2.el9
FEDORA-EPEL-2023-a67e0f6221
Packages in this update:
phoronix-test-suite-10.8.4-2.el9
Update description:
Security fix for CVE-2022-40704
phoronix-test-suite-10.8.4-2.el7
FEDORA-EPEL-2023-f2c2f32842
Packages in this update:
phoronix-test-suite-10.8.4-2.el7
Update description:
Security fix for CVE-2022-40704
phoronix-test-suite-10.8.4-2.fc37
FEDORA-2023-e363201a4c
Packages in this update:
phoronix-test-suite-10.8.4-2.fc37
Update description:
Security fix for CVE-2022-40704
phoronix-test-suite-10.8.4-2.fc36
FEDORA-2023-40e14b37c2
Packages in this update:
phoronix-test-suite-10.8.4-2.fc36
Update description:
Security fix for CVE-2022-40704
uriparser-0.9.7-1.el8
FEDORA-EPEL-2023-d9589cec98
Packages in this update:
uriparser-0.9.7-1.el8
Update description:
Update to uriparser-0.9.7.
rust-1.66.1-1.fc37
FEDORA-2023-19bcafe341
Packages in this update:
rust-1.66.1-1.fc37
Update description:
Security fix for CVE-2022-46176: Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. For more details, see the upstream security advisory.
rust-1.66.1-1.fc36
FEDORA-2023-575fcaf4bf
Packages in this update:
rust-1.66.1-1.fc36
Update description:
Security fix for CVE-2022-46176: Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. For more details, see the upstream security advisory.
CVE-2014-125075
A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to SQL injection. The name of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability.