Security News > 2023 > January > First Patch Tuesday of the year explodes with in-the-wild exploit fix

Patch Tuesday Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023 including one that's already been exploited and another listed as publicly known.
Microsoft explains how to trigger this upgrade in the alert as Childs notes: "Situations like this are why people who scream 'Just patch it!' show they have never actually had to patch an enterprise in the real world."
"Email servers like Exchange are high-value targets for attackers, as they can allow an attacker to gain sensitive information through reading emails, or to facilitate Business Email Compromise style attacks by sending emails that appear to be legitimate," Immersive Labs' Director of Cyber Threat Research Kev Breen told The Register.
While SAP Security Note #3089413 ranks the lowest in terms of the new HotNews Notes with a CVSS of 9.0, "It is possibly the most critical one of SAP's January Patch Day, since it affects the majority of all SAP customers, and its mitigation is a challenge," said Thomas Fritsch, SAP security researcher at Onapsis.
"Complete patching of the vulnerability includes applying a kernel patch, an ABAP patch, and a manual migration of all trusted RFC and HTTP destinations. Both of the systems of a communication scenario need to be patched to mitigate the vulnerability."
Security note #3262810 fixes a crucial code injection vulnerability in SAP BusinessObjects Business Intelligence platform, while #3275391 patches a bug that could allow an unauthenticated attacker to execute crafted database queries in SAP Business Planning and Consolidation Microsoft to read, modify, or delete data.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/01/11/patch_tuesday_january_2023/
Related news
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)