back to article First Patch Tuesday of the year explodes with in-the-wild exploit fix

Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023 including one that's already been exploited and another listed as publicly known. Of the new January vulnerabilities, 11 are rated critical because they lead to remote code execution. The bug that's under exploit, tracked as CVE-2023-21674, is an advanced …

  1. Captain_Cretin

    And so it begins

    I was woken up by a relative phoning and reporting a bootloop after the update this morning.

    1. Lil Endian
      Joke

      Re: And so it begins

      Better a relative phoning than an absolute pwning!

      1. Captain_Cretin

        Re: And so it begins

        Firth thing my mother did was turn to my step-father and ask what he had done to fcuk it up:-)

        1. Lil Endian
          Pint

          Re: And so it begins

          I get the same kind of thing from my mum when a website "doesn't work properly", she wants to know what she's done wrong. "Nothing mum, it's their end, try later." "But it worked earlier..."

          Ya can't refuse tech support to yer mum!

    2. Captain_Cretin

      Re: And so it begins

      Details after the fix.

      This was one of those tiny Lenovo boxes, with an NVME drive internally, and an old Win7 HDD in a USB case - it appears that the old drive confused Win Update; and also screwed all recovery attempts from my Win10 recovery thumbdrive.

      I was faced with options to repair Win7 or Win Vista, despite the recovery tool clearly saying it was Win10 and the NVME drive; ditto all restore or back-up options.

      After unplugging the external drive and rebooting, the repair options started working correctly and Win10 options replaced Win7/Vista; so I could roll back a few days and reinstall the updates with no issues.

      I hope this helps anyone else facing issues today.

      1. Anonymous Coward
        Anonymous Coward

        Win 10 has gotten wierd about boot volumes

        Somewhere along the way the line between drives got fuzzy, and it stopped trying to make sane guesses on things.

        Not realizing there was more than one valid recovery partition or stopping looking after it "found" the first one is a fine example. Another is how Win10 will happily spray the system partitions across multiple disks, instead of keeping them together or asking. Another is is insistence of creating hidden volumes at the end of a disk, which is fun when you are using virtual storage and can expand the volume with a few mouse clicks, but can't enlarge it in windows because the disk management tools are from the 1990's still.

        So yeah, when in doubt, disconnect everything but the boot volume and try again, and don't try to install on a setup windows will see as more than one dive volume if you don't feel like manually fixing it at either the command line or setup screens during the install.

  2. chivo243 Silver badge
    Holmes

    One more cuppa?

    When I read this part, I thought to myself, MS has patches for Windows 98?

    "Microsoft fixed 98 security flaws in its first Patch Tuesday of 2023."

    Make that two cups please!

    Sherlock, he looks as pensive as I was...

    1. Anonymous Coward
      Anonymous Coward

      Re: One more cuppa?

      Underneath the spit and shine, it probably is still Windows 98....

    2. Version 1.0 Silver badge
      Joke

      Re: One more cuppa?

      Is Windows 98 still working fine because Microsoft hasn't patched it for years now?

      1. cmdrklarg

        Re: One more cuppa?

        My nephews have an old Win98 PC (I built it for their dad back in 1999) that runs a plasma cutter; works like a champ. I worked on it a couple of years ago and all it needed was a new CMOS battery. I would have upgraded them, but the plasma cutter requires a certain version of the software, which will only run under Win98.

        It's not connected to the internet, so that may be part of it. It's also quite amazing how fast the PC boots into Windows on that old hardware.

  3. Anonymous Coward
    Anonymous Coward

    CVE-2023-21743 interests me as Teams is basically SharePoint with knobs on. I've always said that using the SDK showed me the security in Teams is about as good as Swiss cheese, so let's see who's been compromised by this one and what interesting things are going to leak out (assuming it's actually been exploited, that is)

    Anon because, y´know, stuff

  4. ThatOne Silver badge
    Devil

    "First Patch Tuesday of 2023" missing information

    All right, we got what it pretends fixing, but I missed the part about what it is breaking.

    Don't tell me it doesn't break anything!...

    1. original_rwg
      Mushroom

      Re: "First Patch Tuesday of 2023" missing information

      FAA Grounds all US domestic flights due to a 'glitch'.

      Just coincidence. Nothing to see here. Please move along.

    2. Lil Endian

      Re: "First Patch Tuesday of 2023" missing information

      Sharepoint and Exchange seem like good bets to me....

      (I wonder if Betfred would take that on!)

  5. Plest Silver badge

    A yes monthly patching time again....

    1. Send email stating dev patching tonight, test in 2 days, prod in 5 days.

    2. Check patching software and hit confirm.

    3. Leave work and sleep easy.

    Come in next day and check logs.

    1. DCdave

      Re: A yes monthly patching time again....

      Steps 1 & 2 are automated here, step 3 is autopilot.

      Addendum based on November patches:

      4. Wake up and find lots and lots of things broken and people screaming. Marvel that no-one invoked on-call.

      5. Spend the next week with Microsoft trying to fix everything.

  6. John Brown (no body) Silver badge

    Microsoft

    Starting 2023 as they mean to go on :-)

  7. Lorribot

    Android had 50 flaws that needed patching. I assume this does not include all the unsupported versions of Android still out there on half the 5 bazillion Android devices, also may take a while for you OEM/Vendor to release said patches, creating a small window of opportunity.

    Adobe has just 6 or 7 apps and still managed 29 flaws patched.

    Makes MS's 96 across it's OS and much larger range of applications seem quite reasonable.

  8. ITS Retired
    Linux

    Just because... It works much better

    I'm 78 and made the switch from Microsoft to Linux a year ago. I'm not going back.

    Peace of mind is well worth it.

    1. Tim99 Silver badge
      Windows

      I'm just a bit younger, but switched to a Mac as my main machine a few years after I retired (Possibly because I used some obscure BSDs in the 70s/80s?).

      Occasionally I use Parallels VMs on an iMac to run Windows XP (not networked!) and Windows 11 - A Raspberry Pi 4B to play with; and sometimes, for nostalgia, an original Pi. If I ever upgrade the iMac to Silicon, my life will get simpler as Parallels and Windows won't be included.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like