VULNERA Pulse

Microsoft — Exchange Server

CVE-2022-41080 / Added: Jan. 10, 2023

CRITICAL CVSS 9.80

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.

Headlines

• Jan. 11, 2023 - US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog
• Jan. 9, 2023 - Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone
• Jan. 6, 2023 - Hackers Behind Ransomware Attack on Rackspace Accessed Customer Data
• Jan. 6, 2023 - Rackspace says hackers accessed customer data during ransomware attack
• Jan. 6, 2023 - Personal Storage Table Files Accessed in Rackspace Attack
• Jan. 6, 2023 - Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach
• Jan. 5, 2023 - Rackspace Sunsets Email Service Downed in Ransomware Attack
• Jan. 5, 2023 - Rackspace blames ransomware woes on zero-day attack
• Jan. 4, 2023 - Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations
• Dec. 21, 2022 - A new Microsoft Exchange flaw is being used to attack servers

Back to top ↑

Microsoft — Windows

CVE-2023-21674 / Added: Jan. 10, 2023

HIGH CVSS 8.80

Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.

Headlines

• Jan. 11, 2023 - Microsoft Confirms Windows Zero-Day Exploit Among 98 January Security Issues
• Jan. 11, 2023 - First Patch Tuesday of 2023 includes fixes for 98 security flaws and one zero-day bug
• Jan. 11, 2023 - Microsoft's first Patch Tuesday of 2023 delivers a massive 98 fixes
• Jan. 11, 2023 - Microsoft’s January 2023 Security Update Fixes 98 Vulnerabilities
• Jan. 11, 2023 - The first Microsoft Patch Tuesday of 2023 includes some rather important fixes
• Jan. 11, 2023 - Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day
• Jan. 11, 2023 - Microsoft releases Windows 10, 11 cumulative updates; fixes 98 flaws, 1 zero-day this Patch Tuesday
• Jan. 11, 2023 - Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
• Jan. 11, 2023 - Microsoft sends security admins their first gift for 2023
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with an in-the-wild exploit
• Jan. 10, 2023 - Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)

Back to top ↑

CVE-2022-23529

CRITICAL CVSS 9.80

Actively Exploited Remote Code Execution Public Exploits Available

Published: Dec. 21, 2022

node-jsonwebtoken is a JsonWebToken implementation for node.js. For versions `<= 8.5.1` of `jsonwebtoken` library, if a malicious actor has the ability to modify the key retrieval parameter (referring to the `secretOrPublicKey` argument from the readme link of the `jwt.verify()` function, they can write arbitrary files on the host machine. Users are affected only if untrusted entities are allowed to modify the key retrieval parameter of the `jwt.verify()` on a host that you control. This issue has been fixed, please update to version 9.0.0.

Quotes

• This package plays a big role in the authentication and authorization functionality for many applications - TechRadar - All the latest technology news
• Typically, attacks on JWTs will involve different forgery techniques abusing buggy JWT implementations - infosecurity-magazine.com
• Security awareness is crucial when using open source software. Reviewing commonly used security open source implementations is necessary for maintaining their dependability, and it's something the open source community can take part in - SecurityWeek
• By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token (JWT) request - Security Affairs
• JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed - BleepingComputer
• Running malicious code on a server can lead to a huge damage and loss of confidentiality, integrity, and also may cause a denial of service - Dark Reading

Headlines

• Jan. 10, 2023 - JsonWebToken open source library has a significant security flaw
• Jan. 10, 2023 - Researchers Find Security Flaw in JsonWebToken Library Used By 20,000+ Projects
• Jan. 10, 2023 - Vulnerability in Popular JsonWebToken Open Source Project Leads to Code Execution
• Jan. 10, 2023 - Remote code execution bug discovered in the popular JsonWebToken library
• Jan. 10, 2023 - Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects
• Jan. 9, 2023 - Auth0 fixes RCE flaw in JsonWebToken library used by 22,000 projects
• Jan. 9, 2023 - JsonWebToken Security Bug Opens Servers to RCE

CVE-2022-41080

CRITICAL CVSS 9.80

CISA Known Exploited Used In Ransomware Public Exploits Available

Published: Nov. 9, 2022

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.

Vendor Impacted: Microsoft

Product Impacted: Exchange Server

Quotes

• This vulnerability could lead to a browser sandbox escape - The Hacker News
• These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise - BleepingComputer
• Often mitigations are preferable, especially in highly public resources where there is sensitivity to downtime - Dark Reading

Headlines

• Jan. 11, 2023 - US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog
• Jan. 11, 2023 - Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
• Jan. 10, 2023 - CISA orders agencies to patch Exchange bug abused by ransomware gang
• Jan. 9, 2023 - Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone

CVE-2023-21674

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited

Published: Jan. 10, 2023

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability.

Vendor Impacted: Microsoft

Product Impacted: Windows

Quotes

• Has low complexity, uses the local vector, and requires low privileges and no user interaction - Forbes - Cybersecurity
• Given its low attack complexity, the existence of functional proof-of-concept code, and the potential for sandbox escape, this may be a vulnerability to keep a close eye on - Latest news
• Vulnerabilities of this nature are frequently leveraged in tandem with malware or ransomware delivery - infosecurity-magazine.com
• To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host - TechRadar - All the latest technology news
• This is the one bug listed as under active attack for this month. It allows a local attacker to escalate privileges from sandboxed execution inside Chromium to kernel-level execution and full SYSTEM privileges - Security Affairs
• This vulnerability could lead to a browser sandbox escape - The Hacker News
• A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM - iTnews - Security
• The release issued in the second half of the year - Naked Security - Sophos
• Bugs of this type are often paired with some form of code exaction to deliver malware or ransomware - The Register - Security
• These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise - BleepingComputer
• The volume is definitely concerning, especially given the Exchange patches and SharePoint updates - Dark Reading
• More likely to be exploited - Krebs on Security
• An attacker who successfully exploited this vulnerability could gain SYSTEM privileges - SecurityWeek

Headlines

• Jan. 11, 2023 - Microsoft Confirms Windows Zero-Day Exploit Among 98 January Security Issues
• Jan. 11, 2023 - First Patch Tuesday of 2023 includes fixes for 98 security flaws and one zero-day bug
• Jan. 11, 2023 - Microsoft's first Patch Tuesday of 2023 delivers a massive 98 fixes
• Jan. 11, 2023 - Microsoft’s January 2023 Security Update Fixes 98 Vulnerabilities
• Jan. 11, 2023 - Over 100 CVEs Addressed in First Patch Tuesday of 2023
• Jan. 11, 2023 - US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog
• Jan. 11, 2023 - The first Microsoft Patch Tuesday of 2023 includes some rather important fixes
• Jan. 11, 2023 - Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day
• Jan. 11, 2023 - Microsoft releases Windows 10, 11 cumulative updates; fixes 98 flaws, 1 zero-day this Patch Tuesday
• Jan. 11, 2023 - Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
• Jan. 11, 2023 - Microsoft sends security admins their first gift for 2023
• Jan. 11, 2023 - Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with an in-the-wild exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with in-the-wild exploit fix
• Jan. 10, 2023 - Critical Patches Issued for Microsoft Products, January 10, 2023
• Jan. 10, 2023 - CISA orders agencies to patch Exchange bug abused by ransomware gang
• Jan. 10, 2023 - 98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes
• Jan. 10, 2023 - Microsoft Patch Tuesday, January 2023 Edition
• Jan. 10, 2023 - Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)
• Jan. 10, 2023 - Windows 11 KB5022303 and KB5022287 cumulative updates released
• Jan. 10, 2023 - Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day
• Jan. 10, 2023 - Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day

CVE-2023-21549

HIGH CVSS 8.80

Risk Context N/A

Published: Jan. 10, 2023

Windows SMB Witness Service Elevation of Privilege Vulnerability.

Quotes

• Vulnerabilities of this nature are frequently leveraged in tandem with malware or ransomware delivery - infosecurity-magazine.com
• To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host - TechRadar - All the latest technology news
• This is the one bug listed as under active attack for this month. It allows a local attacker to escalate privileges from sandboxed execution inside Chromium to kernel-level execution and full SYSTEM privileges - Security Affairs
• This vulnerability could lead to a browser sandbox escape - The Hacker News
• A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM - iTnews - Security
• The release issued in the second half of the year - Naked Security - Sophos
• Bugs of this type are often paired with some form of code exaction to deliver malware or ransomware - The Register - Security
• The volume is definitely concerning, especially given the Exchange patches and SharePoint updates - Dark Reading
• An attacker who successfully exploited this vulnerability could gain SYSTEM privileges - SecurityWeek

Headlines

• Jan. 11, 2023 - First Patch Tuesday of 2023 includes fixes for 98 security flaws and one zero-day bug
• Jan. 11, 2023 - Over 100 CVEs Addressed in First Patch Tuesday of 2023
• Jan. 11, 2023 - The first Microsoft Patch Tuesday of 2023 includes some rather important fixes
• Jan. 11, 2023 - Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day
• Jan. 11, 2023 - Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
• Jan. 11, 2023 - Microsoft sends security admins their first gift for 2023
• Jan. 11, 2023 - Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with an in-the-wild exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with in-the-wild exploit fix
• Jan. 10, 2023 - Critical Patches Issued for Microsoft Products, January 10, 2023
• Jan. 10, 2023 - 98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes
• Jan. 10, 2023 - Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)
• Jan. 10, 2023 - Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day
• Jan. 10, 2023 - Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day

CVE-2023-21762

HIGH CVSS 8.00

Risk Context N/A

Published: Jan. 10, 2023

Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2023-21745.

Quotes

• To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host - TechRadar - All the latest technology news
• Bugs of this type are often paired with some form of code exaction to deliver malware or ransomware - The Register - Security
• The volume is definitely concerning, especially given the Exchange patches and SharePoint updates - Dark Reading
• More likely to be exploited - Krebs on Security

Headlines

• Jan. 11, 2023 - The first Microsoft Patch Tuesday of 2023 includes some rather important fixes
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with an in-the-wild exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with in-the-wild exploit fix
• Jan. 10, 2023 - 98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes
• Jan. 10, 2023 - Microsoft Patch Tuesday, January 2023 Edition

CVE-2023-21745

HIGH CVSS 8.00

Risk Context N/A

Published: Jan. 10, 2023

Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2023-21762.

Quotes

• To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host - TechRadar - All the latest technology news
• Bugs of this type are often paired with some form of code exaction to deliver malware or ransomware - The Register - Security
• The volume is definitely concerning, especially given the Exchange patches and SharePoint updates - Dark Reading
• More likely to be exploited - Krebs on Security

Headlines

• Jan. 11, 2023 - The first Microsoft Patch Tuesday of 2023 includes some rather important fixes
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with an in-the-wild exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with in-the-wild exploit fix
• Jan. 10, 2023 - 98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes
• Jan. 10, 2023 - Microsoft Patch Tuesday, January 2023 Edition

CVE-2023-21764

HIGH CVSS 7.80

Risk Context N/A

Published: Jan. 10, 2023

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21763.

Quotes

• Given its low attack complexity, the existence of functional proof-of-concept code, and the potential for sandbox escape, this may be a vulnerability to keep a close eye on - Latest news
• Vulnerabilities of this nature are frequently leveraged in tandem with malware or ransomware delivery - infosecurity-magazine.com
• To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host - TechRadar - All the latest technology news
• This vulnerability could lead to a browser sandbox escape - The Hacker News
• Bugs of this type are often paired with some form of code exaction to deliver malware or ransomware - The Register - Security
• The volume is definitely concerning, especially given the Exchange patches and SharePoint updates - Dark Reading

Headlines

• Jan. 11, 2023 - Microsoft's first Patch Tuesday of 2023 delivers a massive 98 fixes
• Jan. 11, 2023 - Over 100 CVEs Addressed in First Patch Tuesday of 2023
• Jan. 11, 2023 - The first Microsoft Patch Tuesday of 2023 includes some rather important fixes
• Jan. 11, 2023 - Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with an in-the-wild exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with in-the-wild exploit fix
• Jan. 10, 2023 - 98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes
• Jan. 10, 2023 - Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)

CVE-2023-21763

HIGH CVSS 7.80

Risk Context N/A

Published: Jan. 10, 2023

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21764.

Quotes

• Given its low attack complexity, the existence of functional proof-of-concept code, and the potential for sandbox escape, this may be a vulnerability to keep a close eye on - Latest news
• Vulnerabilities of this nature are frequently leveraged in tandem with malware or ransomware delivery - infosecurity-magazine.com
• To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host - TechRadar - All the latest technology news
• This vulnerability could lead to a browser sandbox escape - The Hacker News
• Bugs of this type are often paired with some form of code exaction to deliver malware or ransomware - The Register - Security
• The volume is definitely concerning, especially given the Exchange patches and SharePoint updates - Dark Reading

Headlines

• Jan. 11, 2023 - Microsoft's first Patch Tuesday of 2023 delivers a massive 98 fixes
• Jan. 11, 2023 - Over 100 CVEs Addressed in First Patch Tuesday of 2023
• Jan. 11, 2023 - The first Microsoft Patch Tuesday of 2023 includes some rather important fixes
• Jan. 11, 2023 - Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with an in-the-wild exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with in-the-wild exploit fix
• Jan. 10, 2023 - 98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes
• Jan. 10, 2023 - Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)

CVE-2022-41123

HIGH CVSS 7.80

Risk Context N/A

Published: Nov. 9, 2022

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41080.

Vendor Impacted: Microsoft

Product Impacted: Exchange Server

Quotes

• Given its low attack complexity, the existence of functional proof-of-concept code, and the potential for sandbox escape, this may be a vulnerability to keep a close eye on - Latest news
• Vulnerabilities of this nature are frequently leveraged in tandem with malware or ransomware delivery - infosecurity-magazine.com
• This vulnerability could lead to a browser sandbox escape - The Hacker News
• Bugs of this type are often paired with some form of code exaction to deliver malware or ransomware - The Register - Security
• The volume is definitely concerning, especially given the Exchange patches and SharePoint updates - Dark Reading

Headlines

• Jan. 11, 2023 - Microsoft's first Patch Tuesday of 2023 delivers a massive 98 fixes
• Jan. 11, 2023 - Over 100 CVEs Addressed in First Patch Tuesday of 2023
• Jan. 11, 2023 - Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with an in-the-wild exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with in-the-wild exploit fix
• Jan. 10, 2023 - 98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes

CVE-2023-21743

MEDIUM CVSS 5.30

Actively Exploited

Published: Jan. 10, 2023

Microsoft SharePoint Server Security Feature Bypass Vulnerability.

Quotes

• Vulnerabilities of this nature are frequently leveraged in tandem with malware or ransomware delivery - infosecurity-magazine.com
• To exploit this vulnerability, an attacker could execute a specially crafted malicious script which executes an RPC call to an RPC host - TechRadar - All the latest technology news
• This vulnerability could lead to a browser sandbox escape - The Hacker News
• Psconfig.exe -cmd upgrade -inplace b2b - Sophos News
• Bugs of this type are often paired with some form of code exaction to deliver malware or ransomware - The Register - Security
• The volume is definitely concerning, especially given the Exchange patches and SharePoint updates - Dark Reading
• More likely to be exploited - Krebs on Security

Headlines

• Jan. 11, 2023 - Over 100 CVEs Addressed in First Patch Tuesday of 2023
• Jan. 11, 2023 - The first Microsoft Patch Tuesday of 2023 includes some rather important fixes
• Jan. 11, 2023 - Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
• Jan. 11, 2023 - January 2023 patch roundup: Microsoft tees up 98 updates
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with an in-the-wild exploit
• Jan. 11, 2023 - First Patch Tuesday of the year explodes with in-the-wild exploit fix
• Jan. 10, 2023 - 98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes
• Jan. 10, 2023 - Microsoft Patch Tuesday, January 2023 Edition
• Jan. 10, 2023 - Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)
• Jan. 10, 2023 - Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities