Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)

To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild (CVE-2023-21674) and one (CVE-2023-21549) that’s been publicly disclosed. Both allow attackers to elevate privileges on the vulnerable machine. Vulnerabilities of note CVE-2023-21674 is a vulnerability in Windows Advanced Local Procedure Call (ALPC) that could lead to a browser sandbox escape and allow attackers to gain SYSTEM privileges on a wide variety of Windows and … More →

The post …

actively exploited advanced alpc attackers automox browser call cve cve-2023-21674 don't miss escape exploited ivanti january local machine mark microsoft microsoft exchange patch patches patch tuesday privileges procedure sandbox sandbox escape security update sharepoint system system privileges tenable trend micro tuesday vulnerabilities vulnerability vulnerable windows zero-day