
Microsoft Patch Tuesday: One 0-day; Win 7 and 8.1 get last-ever patches
2023-01-11 19:22

Glaringly obvious at the very top of the list are the names in the Product column of the first nine entries, dealing with an elevation-of-privilege patch denoted CVE-2013-21773 for Windows 7, Windows 8.1, and Windows RT 8.1.

Windows 8.1, which is remembered more as a sort-of "bug-fix" release for the unlamented and long-dropped Windows 8 than as a real Windows version in its own right, never really caught on.

You'll sometimes read that the comparative unpopularity of Windows 8 is why the next major release after 8.1 was numbered Windows 10, thus deliberately creating a sense of separation between the old version and the new one.

Shed your tears now, because this month sees the very last security updates for the old-school Windows 7 and Windows 8.1 versions.

Intriguingly, the CVE-2023-21674 bug, which is actively in use by attackers, isn't on the Windows 7 patch list, but it does apply to Windows 8.1.

The second bug, CVE-2023-21549, described as publicly known, applies to both Windows 7 and Windows 8.1.


News URL

https://nakedsecurity.sophos.com/2023/01/11/microsoft-patch-tuesday-one-0-day-win-7-and-8-1-get-last-ever-patches/

Related Vulnerability

DATE | CVE | VULNERABILITY | TITLE | RISK
2023-01-10 | CVE-2023-21674 | Use After Free vulnerability in Microsoft products (local, low complexity, microsoft, CWE-416) | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 8.8
2023-01-10 | CVE-2023-21549 | Improper Privilege Management vulnerability in Microsoft products (network, low complexity, microsoft, CWE-269) | Windows SMB Witness Service Elevation of Privilege Vulnerability | 8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 696 797 4605 4368 3663 13433