The Microsoft January 2023 security updates have been released and consist of 98 new CVEs. Of these CVEs, 11 are rated critical and 87 are rated important in severity. At the time of release, one is listed as publicly known and one as being in the wild.
The security updates apply to the following products, features, and roles: .NET Core, 3D Builder, Azure Service Fabric Container, Microsoft Bluetooth Driver, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Local Security Authority Server (lsasrv), Microsoft Message Queuing, Microsoft Office, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft WDAC OLE DB provider for SQL, Visual Studio Code, Windows ALPC, Windows Ancillary Function Driver for WinSock, Windows Authentication Methods, Windows Backup Engine, Windows Bind Filter Driver, Windows BitLocker, Windows Boot Manager, Windows Credential Manager, Windows Cryptographic Services, Windows DWM Core Library, Windows Error Reporting, Windows Event Tracing, Windows IKE Extension, Windows Installer, Windows Internet Key Exchange (IKE) Protocol, Windows iSCSI, Windows Kernel, Windows Layer 2 Tunneling Protocol, Windows LDAP - Lightweight Directory Access Protocol, Windows Local Security Authority (LSA), Windows Local Session Manager (LSM), Windows Malicious Software Removal Tool, Windows Management Instrumentation, Windows MSCryptDImportKey, Windows NTLM, Windows ODBC Driver, Windows Overlay Filter, Windows Point-to-Point Tunneling Protocol, Windows Print Spooler Components, Windows Remote Access Service L2TP Driver, Windows RPC API, Windows Secure Socket Tunneling Protocol (SSTP), Windows Smart Card, Windows Task Scheduler, Windows Virtual Registry Provider, and Windows Workstation Service.
See the long list of KBs at the bottom of the page at January 2023 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.
Important:
Windows 8.1 has reached the end of support today. The December 13, 2022 security update was the last update available for this version. Devices running this version will no longer receive monthly security and quality updates.
In addition, Windows 10 21HW has reached the end of service today as well as Extended Security Updates (ESU) for Windows 7 Professional and Enterprise users today.
Recommended Reading: See Dustin Childs review and analysis in Zero Day Initiative -- The January 2023 Security Update Review.
Additional Update Notes:
- MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly. See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
- Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
- Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro - Microsoft Lifecycle | Microsoft Docs and Windows 11 Home and Pro (Version 21H2) - Microsoft Lifecycle | Microsoft Docs.
- Windows Update History:
References
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment