LR pixel

Microsoft has released 98 security patches for this month’s January 2023 Patch Tuesday release. One of the fixes is for CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability). The vulnerability is rated critical, and exploitation of the vulnerability was observed in the field by Microsoft. This has a CVSS score of 8.8.Why is this Significant?This is significant because Microsoft observed CVE-2023-21674 being exploited as a 0-day, as such the patch should be applied as soon as possible. As CVE-2023-21674 is a local privilege escalation vulnerability, attackers need to either chain the exploit for CVE-2023-21674 with other exploit(s) or have already gain access to the victim’s network, which lower the severity.What is CVE-2023-21674?CVE-2023-21674 is a Local Privilege Escalation vulnerability in Windows Advanced Local Procedure Call (ALPC), which attackers can exploit for a browser sandbox escape to gain SYSTEM privileges in vulnerable systems.Has the Vendor Released an Advisory?Yes, Microsoft released an advisory. See the Appendix for a link to “Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability”.Has the Vendor Released a Patch for CVE-2023-21674?Yes, Microsoft released a patch for CVE-2023-21674 as part of January Patch Tuesday on January 10, 2023.What is the Status of Protection?FortiGuard Labs has released the following IPS signature for CVE-2023-21674 in version 22.472 on January 10th, 2023:MS.Windows.ALPC.CVE-2023-21674.Privilege.Elevation (default action is set to “pass”)