Critical Microsoft Vulnerability CVE-2023-23364 Requires Immediate Patching

Vulnerabilities Reporter

Microsoft has identified a critical remote code execution vulnerability affecting multiple versions of Windows Server and Windows 10/11. The vulnerability, CVE-2023-23364, has a CVSS score of 9.8 and is actively being exploited in the wild. Organizations must apply the security update immediately to prevent potential system compromise.

Microsoft has issued an emergency security advisory for CVE-2023-23364, a critical vulnerability affecting multiple versions of Windows operating systems. The vulnerability allows unauthenticated remote attackers to execute arbitrary code with system privileges.

The vulnerability resides in the Windows Print Spooler service. An attacker who successfully exploits it could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; and creating new accounts with full user rights.

Affected Products:

  • Windows 10 Version 1809 and later
  • Windows 11 Version 21H2 and later
  • Windows Server 2019 and later
  • Windows Server 2022

CVSS Score: 9.8 (Critical)

The vulnerability is being actively exploited in the wild. Microsoft has confirmed limited targeted attacks exploiting this vulnerability. Organizations should prioritize patching immediately.

Mitigation Steps:

  1. Apply the security update immediately:

    • Windows 10: KB5034441
    • Windows 11: KB5034442
    • Windows Server 2019: KB5034439
    • Windows Server 2022: KB5034440

  2. For systems that cannot be patched immediately:

    • Disable the Print Spooler service
    • Block TCP ports 445 and 139 at network boundaries
    • Implement application whitelisting to prevent unauthorized code execution

  3. Monitor for suspicious activity:

    • Unusual print job submissions
    • Unexpected service restarts
    • Unauthenticated network connections to print services
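
The per-host part of these steps can be scripted. The following PowerShell is an added example, not code from Microsoft or from this article; it takes the KB numbers from the list above, and the `-ApplyWorkaround` switch, the product matching on the OS caption, and the 7-day lookback are assumptions made for illustration.

```powershell
# Added example: checks the KB this article lists for the local OS, optionally
# applies the "disable Print Spooler" workaround, and reports spooler state changes.
[CmdletBinding()]
param(
    [switch]$ApplyWorkaround,   # hypothetical switch: disable the spooler if the KB is missing
    [int]$LookbackDays = 7      # assumed review window for service events
)

# KB numbers exactly as given in the article's mitigation list.
$kbByProduct = [ordered]@{
    'Windows Server 2019' = 'KB5034439'
    'Windows Server 2022' = 'KB5034440'
    'Windows 10'          = 'KB5034441'
    'Windows 11'          = 'KB5034442'
}

$caption = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
$product = $kbByProduct.Keys | Where-Object { $caption -like "*$_*" } | Select-Object -First 1
if (-not $product) { Write-Warning "No KB listed in the article for '$caption'"; return }
$kb = $kbByProduct[$product]

# Get-HotFix matches the exact KB id only; a later cumulative update that
# supersedes it has a different id, so treat "missing" as "verify manually".
$patched = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

if (-not $patched -and $ApplyWorkaround) {
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}
$spooler = Get-Service -Name Spooler

# Event 7036 (Service Control Manager) records service state changes; repeated
# spooler entries cover the "unexpected service restarts" item above.
# The message match assumes an English-language event log.
$changes = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'
        Id = 7036; StartTime = (Get-Date).AddDays(-$LookbackDays)
    } -ErrorAction SilentlyContinue | Where-Object { $_.Message -like '*Print Spooler*' })

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    Product             = $product
    RequiredKB          = $kb
    KBInstalled         = $patched
    SpoolerStatus       = $spooler.Status
    SpoolerStartType    = $spooler.StartType
    SpoolerStateChanges = $changes.Count
    LastStateChange     = ($changes | Select-Object -First 1).TimeCreated
}
```

Run it from an elevated session; with `-ApplyWorkaround`, local and shared printing on that host stops until the service is re-enabled after patching.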

Timeline:

  • Vulnerability discovered: January 15, 2023
  • Exploitation observed: January 18, 2023
  • Security release: January 23, 2023

Organizations should apply the security update as soon as possible. For environments where patching cannot be completed immediately, Microsoft recommends implementing the workarounds until patches can be applied.

For more information, visit the Microsoft Security Advisory and the CISA Alert AA23-012A.
