As part of the January 2023 updates, Microsoft has released updates that fix 98 security vulnerabilities, including a 0-day vulnerability, Windows ALPC.
The details of the detected 0-day security vulnerability are as follows;
- The vulnerability tracked as CVE-2023-21674 is a critical Privilege Escalation vulnerability that affects Windows’s ALPC (Advanced Local Procedure Call) component. The vulnerability due to the boundary fault could allow threat actors to execute code with SYSTEM privileges on the affected system. Advanced Local Procedure Call is a message-forwarding mechanism used in Windows systems.
It is known that threat actors actively exploit this vulnerability. Microsoft has released security updates that fix other vulnerabilities, including this one. In this context, it is recommended to immediately apply the published updates to vulnerable products and versions in order not to be the target of attacks that can be carried out using vulnerabilities.