First Patch Tuesday of the year explodes with in-the-wild exploit fix
Patch Tuesday: Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023, including one that's already been exploited and another listed as publicly known.
Microsoft explains how to trigger this upgrade in the alert, as Childs notes: "Situations like this are why people who scream 'Just patch it!' show they have never actually had to patch an enterprise in the real world."
"Email servers like Exchange are high-value targets for attackers, as they can allow an attacker to gain sensitive information through reading emails, or to facilitate Business Email Compromise style attacks by sending emails that appear to be legitimate," Immersive Labs' Director of Cyber Threat Research Kev Breen told The Register.
While SAP Security Note #3089413 ranks the lowest in terms of the new HotNews Notes with a CVSS of 9.0, "It is possibly the most critical one of SAP's January Patch Day, since it affects the majority of all SAP customers, and its mitigation is a challenge," said Thomas Fritsch, SAP security researcher at Onapsis.
"Complete patching of the vulnerability includes applying a kernel patch, an ABAP patch, and a manual migration of all trusted RFC and HTTP destinations. Both of the systems of a communication scenario need to be patched to mitigate the vulnerability."
Security note #3262810 fixes a crucial code injection vulnerability in SAP BusinessObjects Business Intelligence platform, while #3275391 patches a bug that could allow an unauthenticated attacker to execute crafted database queries in SAP Business Planning and Consolidation Microsoft to read, modify, or delete data.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/01/11/patch_tuesday_january_2023/