Threat Signal Report

Microsoft Patch Tuesday Fixed Zero Day Elevation of Privilege Vulnerability (CVE-2023-21674)

Description

Microsoft released 98 security patches in its January 2023 Patch Tuesday release. One of the fixes is for CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability). The vulnerability is rated critical, has a CVSS score of 8.8, and Microsoft observed it being exploited in the field.

Why is this Significant?

This is significant because Microsoft observed CVE-2023-21674 being exploited as a 0-day, so the patch should be applied as soon as possible. Because CVE-2023-21674 is a local privilege escalation vulnerability, attackers need to either chain the exploit for CVE-2023-21674 with other exploit(s) or have already gained access to the victim's network, which lowers the severity.

What is CVE-2023-21674?

CVE-2023-21674 is a Local Privilege Escalation vulnerability in Windows Advanced Local Procedure Call (ALPC), which attackers can exploit for a browser sandbox escape to gain SYSTEM privileges in vulnerable systems.

Has the Vendor Released an Advisory?

Yes, Microsoft released an advisory. See the Appendix for a link to "Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability".

Has the Vendor Released a Patch for CVE-2023-21674?

Yes, Microsoft released a patch for CVE-2023-21674 as part of January Patch Tuesday on January 10, 2023.

What is the Status of Protection?

FortiGuard Labs has released the following IPS signature for CVE-2023-21674 in version 22.472 on January 10th, 2023:

  • MS.Windows.ALPC.CVE-2023-21674.Privilege.Elevation (default action is set to "pass")