Microsoft has released the January 2023 Security Update, fixing 98 vulnerabilities, including one zero-day exploit.
Patch Tuesday is Microsoft’s term for when it releases updates and security fixes for Windows. The first Patch Tuesday of 2023 fixes a slew of issues, including 11 critical and 87 important issues. One of them, CVE-2023-21674, is currently being exploited.
Microsoft offers the following description of the zero-day exploit:
This vulnerability could lead to a browser sandbox escape.
Once the vulnerability is exploited, an attacker can achieve the following:
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
All users should update immediately.