It's January 10, 2023, and that means it's Microsoft's first Patch Tuesday of 2023.
It's also the last update day for Windows 7 devices enrolled in Extended Security Updates and for all Windows 8 devices.
Summary of highlights
- Support for Windows 7 and Windows 8.1 ends today. Microsoft will no longer release security updates for both operating systems after January 10, 2023.
- Microsoft has released security products for other company products, including Visual Studio Code, .NET Core, Microsoft Office, and Microsoft Exchange Server.
- Versions of Windows that have known issues and are being updated: Windows 7, Windows 8.1, Windows 10 version 1809, Windows 11 version 22H2
- Versions of Windows Server that have known issues and are being updated: Windows Server 2008, 2008 R2, 2012, 2012 R2, and Windows Server 2019
Here are the updates
- Windows 7(extended support only): 40 vulnerabilities: 8 critical and 35 important
- Microsoft Cryptographic Services Elevation of Privilege Vulnerability — CVE-2023-21730
- Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21679
- Microsoft Cryptographic Services Elevation of Privilege Vulnerability — CVE-2023-21561
- Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21556
- Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21555
- Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-21548
- Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21543
- Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21546
- Windows 8.1: 48 vulnerabilities: 9 critical and 39 important,
- All eight security issues listed under Windows 7, plus
- Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-21535
- Windows 10 version 21H2 and 22H2: 63 vulnerabilities, 10 critical and 53 important
- Same as Windows 8.1, plus
- Microsoft Cryptographic Services Elevation of Privilege Vulnerability — CVE-2023-21551
- Windows 11 and Windows 11 version 22H2: 64 vulnerabilities, 10 critical and 54 important
- Same as Windows 10
Windows Server products
- Windows Server 2008 R2 (extended support only): 39 vulnerabilities: 8 critical and 31 important
- Microsoft Cryptographic Services Elevation of Privilege Vulnerability — CVE-2023-21730
- Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21679
- Microsoft Cryptographic Services Elevation of Privilege Vulnerability — CVE-2023-21561
- Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21556
- Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21555
- Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-21548
- Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21543
- Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability — CVE-2023-21546
- Windows Server 2012 R2: 47 vulnerabilities: 9 critical and 38 important
- All eight security issues listed under Windows Server 2008 R2, plus
- Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-21535
- WinWindows Server 2016: 50 vulnerabilities: 9 critical and 41 important
- Same as Windows Server 2012 R2.
- Windows Server 2019: 56 vulnerabilities: 10 critical and 46 important
- Same As Windows Server 2012 R2, plus
- Microsoft Cryptographic Services Elevation of Privilege Vulnerability — CVE-2023-21551
- Windows Server 2022: 61 vulnerabilities: 10 critical and 51 important
- Same as Windows Server 2019.
