Even though we are already in 2023, Microsoft still has to work on some of the issues that the various versions of the Windows OS have from 2022. It will be interesting to see what the Redmond-based tech giant has prepared for us at the beginning of the new year, so let’s explore the possibilities together.
What can I expect from the first 2023 Patch Tuesday rollout?
As you surely remember, in December 2022, Microsoft released a total of 52 patches to address various CVEs, some of them being exploited in the wild. One that got fixed was the PowerShell Remote Code Execution Vulnerability, a Critical-rated bug that could actually allow an authenticated user to escape the PowerShell Remoting Session Configuration and run unapproved commands on an affected system. You can find out more about this release by checking out the dedicated article. For now, it’s time to move on to this month’s release. There actually were no preview updates in December as usual due to the holidays, so the first release of the year is always interesting. Since the December Patch Tuesday release was small in terms of CVEs fixed, we anticipate a high number of CVEs addressed in both the operating systems and applications updates. We also have to consider that Microsoft may also want to end the ESU with a set of major updates to fix as many issues as possible. Keep in mind that the tech giant also disclosed two zero-day vulnerabilities back in September, one for Exchange Server Elevation of Privilege Vulnerability (CVE-2022-41040) and one for Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082). Both of the above-mentioned vulnerabilities are associated with the ProxyNotShell attacks, in case you didn’t know that. As a result, a series of interim mitigations were also provided until the patches were released in November, so if you didn’t deploy these updates in the last two months, you are now running at high risk. We will report back in a few hours, when the patches are released and disclose everything Microsoft has prepared for January 2023.
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ