Threat Signal Report
Microsoft Patch Tuesday Fixed Zero Day Elevation of Privilege Vulnerability (CVE-2023-21674)
Microsoft has released 98 security patches in its January 2023 Patch Tuesday release. One of the fixes is for CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability). The vulnerability is rated critical, and Microsoft observed it being exploited in the field. It has a CVSS score of 8.8.
Why is this Significant?
This is significant because Microsoft observed CVE-2023-21674 being exploited as a 0-day; as such, the patch should be applied as soon as possible. Because CVE-2023-21674 is a local privilege escalation vulnerability, attackers need to either chain the exploit for CVE-2023-21674 with other exploit(s) or have already gained access to the victim's network, which lowers the severity.
What is CVE-2023-21674?
CVE-2023-21674 is a local privilege escalation vulnerability in Windows Advanced Local Procedure Call (ALPC), which attackers can exploit for a browser sandbox escape to gain SYSTEM privileges on vulnerable systems.
Has the Vendor Released an Advisory?
Yes, Microsoft released an advisory. See the Appendix for a link to "Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability".
Has the Vendor Released a Patch for CVE-2023-21674?
Yes, Microsoft released a patch for CVE-2023-21674 as part of January Patch Tuesday on January 10, 2023.
What is the Status of Protection?
FortiGuard Labs has released the following IPS signature for CVE-2023-21674 in version 22.472 on January 10th, 2023:
- MS.Windows.ALPC.CVE-2023-21674.Privilege.Elevation (default action is set to "pass")
Appendix
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (Microsoft)