Security Advisory 2023-001

Release Date:

Zero-day and Critical Vulnerabilities in Microsoft Windows



  • 11/01/2023 --- v1.0 -- Initial publication


On January 10, 2023, on their first Patch Tuesday of 2023, Microsoft fixed an actively exploited zero-day Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability and a total of 98 flaws [1]. Eleven of them were classified as critical by Microsoft as they allow remote code execution, bypass security features, or elevate privileges.

It is highly recommended applying the fixes as soon as possible.

Technical Details

According to Microsoft, the zero-day vulnerability CVE-2023-21674 is a Sandbox escape vulnerability that could lead to the elevation of privileges. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. [1][2]

There is a functional exploit code for the zero-day vulnerability.

The number of bugs in each vulnerability category is listed below:

  • 39 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 33 Remote Code Execution Vulnerabilities
  • 10 Information Disclosure Vulnerabilities
  • 10 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

Affected Products

Multiple versions of Microsoft Windows [2]. Please refer to the links provided for each vulnerability in order to identify the exact versions of each affected system and the patch that should be applied.


CERT-EU highly recommends installing the updates provided by Microsoft.




We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.