
=====================================================================
                                CERT-Renater

                      Information Note No. 2023/VULN002

_____________________________________________________________________

DATE                : 11/01/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Microsoft products.

=====================================================================
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan
_____________________________________________________________________


January 2023 Security Updates


Updates this Month

This release consists of security updates for the following products, 
features and roles.

     .NET Core
     3D Builder
     Azure Service Fabric Container
     Microsoft Bluetooth Driver
     Microsoft Exchange Server
     Microsoft Graphics Component
     Microsoft Local Security Authority Server (lsasrv)
     Microsoft Message Queuing
     Microsoft Office
     Microsoft Office SharePoint
     Microsoft Office Visio
     Microsoft WDAC OLE DB provider for SQL
     Visual Studio Code
     Windows ALPC
     Windows Ancillary Function Driver for WinSock
     Windows Authentication Methods
     Windows Backup Engine
     Windows Bind Filter Driver
     Windows BitLocker
     Windows Boot Manager
     Windows Credential Manager
     Windows Cryptographic Services
     Windows DWM Core Library
     Windows Error Reporting
     Windows Event Tracing
     Windows IKE Extension
     Windows Installer
     Windows Internet Key Exchange (IKE) Protocol
     Windows iSCSI
     Windows Kernel
     Windows Layer 2 Tunneling Protocol
     Windows LDAP - Lightweight Directory Access Protocol
     Windows Local Security Authority (LSA)
     Windows Local Session Manager (LSM)
     Windows Malicious Software Removal Tool
     Windows Management Instrumentation
     Windows MSCryptDImportKey
     Windows NTLM
     Windows ODBC Driver
     Windows Overlay Filter
     Windows Point-to-Point Tunneling Protocol
     Windows Print Spooler Components
     Windows Remote Access Service L2TP Driver
     Windows RPC API
     Windows Secure Socket Tunneling Protocol (SSTP)
     Windows Smart Card
     Windows Task Scheduler
     Windows Virtual Registry Provider
     Windows Workstation Service

Please note the following information regarding the security updates:


Security Update Guide Blog Posts

Date 	Blog Post
January 6, 2023 	Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
December 29, 2022 	Security Update Guide Improvement – Representing Hotpatch Updates
August 9, 2022 	Security Update Guide Notification System News: Create your profile now
January 11, 2022 	Coming Soon: New Security Update Guide Notification System
February 9, 2021 	Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 	Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 	Security Update Guide: Let’s keep the conversation going
November 9, 2020 	Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Information

     The new Hotpatching feature is now generally available. Please see 
Hotpatching feature for Windows Server Azure Edition virtual machines 
(VMs) for more information.

     Windows 10 updates are cumulative. The monthly security release 
includes all security fixes for vulnerabilities that affect Windows 10, 
in addition to non-security updates. The updates are available via the 
Microsoft Update Catalog. For information on lifecycle and support dates 
for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.

     Microsoft is improving Windows Release Notes. For more information, 
please see What's next for Windows release notes.

     A list of the latest servicing stack updates for each operating 
system can be found in ADV990001. This list will be updated whenever a 
new servicing stack update is released. It is important to install the 
latest servicing stack update.

     In addition to security changes for the vulnerabilities, updates
include defense-in-depth updates to help improve security-related features.

     Customers running Windows 7, Windows Server 2008 R2, or
Windows Server 2008 need to purchase the Extended Security Update to 
continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds

The following CVEs have FAQs, Mitigations, or Workarounds. You can see 
these in more detail from the Vulnerabilities tab by selecting the FAQs, 
Mitigations, and Workarounds columns in the Edit Columns panel.

     CVE-2023-21524
     CVE-2023-21525
     CVE-2023-21531
     CVE-2023-21532
     CVE-2023-21535
     CVE-2023-21536
     CVE-2023-21537
     CVE-2023-21539
     CVE-2023-21540
     CVE-2023-21541
     CVE-2023-21542
     CVE-2023-21543
     CVE-2023-21546
     CVE-2023-21548
     CVE-2023-21549
     CVE-2023-21550
     CVE-2023-21551
     CVE-2023-21552
     CVE-2023-21555
     CVE-2023-21556
     CVE-2023-21557
     CVE-2023-21558
     CVE-2023-21559
     CVE-2023-21560
     CVE-2023-21561
     CVE-2023-21563
     CVE-2023-21674
     CVE-2023-21675
     CVE-2023-21676
     CVE-2023-21678
     CVE-2023-21679
     CVE-2023-21680
     CVE-2023-21681
     CVE-2023-21682
     CVE-2023-21724
     CVE-2023-21725
     CVE-2023-21726
     CVE-2023-21730
     CVE-2023-21732
     CVE-2023-21733
     CVE-2023-21734
     CVE-2023-21735
     CVE-2023-21736
     CVE-2023-21737
     CVE-2023-21738
     CVE-2023-21739
     CVE-2023-21741
     CVE-2023-21742
     CVE-2023-21743
     CVE-2023-21744
     CVE-2023-21745
     CVE-2023-21746
     CVE-2023-21747
     CVE-2023-21748
     CVE-2023-21749
     CVE-2023-21750
     CVE-2023-21752
     CVE-2023-21753
     CVE-2023-21754
     CVE-2023-21755
     CVE-2023-21759
     CVE-2023-21760
     CVE-2023-21761
     CVE-2023-21762
     CVE-2023-21763
     CVE-2023-21764
     CVE-2023-21765
     CVE-2023-21766
     CVE-2023-21767
     CVE-2023-21768
     CVE-2023-21771
     CVE-2023-21772
     CVE-2023-21773
     CVE-2023-21774
     CVE-2023-21776
     CVE-2023-21779
     CVE-2023-21780
     CVE-2023-21781
     CVE-2023-21782
     CVE-2023-21783
     CVE-2023-21784
     CVE-2023-21785
     CVE-2023-21786
     CVE-2023-21787
     CVE-2023-21788
     CVE-2023-21789
     CVE-2023-21790
     CVE-2023-21791
     CVE-2023-21792
     CVE-2023-21793


Known Issues

You can see these in more detail from the Deployments tab by selecting 
the Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows 
message center (links to currently-supported versions of Windows are in 
the left pane).

KB Article 	Applies To
5022143 	Microsoft Exchange Server 2016
5022193 	Microsoft Exchange Server 2019
5022286 	Windows 10, version 1809, Windows Server 2019
5022303 	Windows 11 version 22H2
5022338 	Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5022339 	Windows 7, Windows Server 2008 R2 (Security-only update)
5022340 	Windows Server 2008 (Monthly Rollup)
5022343 	Windows Server 2012 (Security-only update)
5022346 	Windows 8.1, Windows Server 2012 R2 (Security-only update)
5022348 	Windows Server 2012 (Monthly Rollup)
5022352 	Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5022353 	Windows Server 2008 (Security-only update)


Released: Jan 11, 2023



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================