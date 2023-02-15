



After an unusually large patch load in January 2023, the number of fixes Microsoft rolled out yesterday is typical for February. Microsoft’s February Patch Tuesday included fixes for a total of 76 vulnerabilities, 3 of which are actively exploited zero-day bugs.

Of the 76 vulnerabilities, 9 are rated Critical and 66 are rated Critical by Trend Micro’s Zero Day Initiative. For the CVSS 3.1 rating, five vulnerabilities received a score of 9.8 and fell into the Critical severity category. Fifty-three defects have scores ranging from 7 to 8.9, indicating high severity. Seventeen vulnerabilities are moderate severity (CVSS scores between 4 and 6.9) and one is low severity (CVSS score less than 4).

Of the 76 vulnerabilities, 37 are remote code execution (RCE) vulnerabilities, 11 are Elevation of Privilege (EoP) flaws, 2 each lead to security feature bypass (SFB) and spoofing, 10 allow attackers to perform denial of service (DoS) attacks, and 8 lead to information disclosure. The remaining six are cross-site scripting (XSS) flaws.

“This month’s Patch Month update is smaller than the fixes released in January, but it addresses 3 actively exploited zero days, 12 of which are related to privilege escalation. The fact that it’s still around means it’s still a pretty major update,” Mark Lam, CEO of HighGround.io, told Spiceworks.

As with most Patch Tuesdays, administrators are encouraged to prioritize zero-day and other critical patches if they cannot be applied all at once for fear of system failure.

Risk Crew CEO Richard Hollis warned Spiceworks: “A critical patch that addresses only remote code execution is essential given the dramatic increase in users working from home. But the three that address zero-day CVEs are mission critical in today’s threat landscape. Don’t leave work without sorting these out.”

February Patch Tuesday Zero-Day Vulnerabilities

CVE-2023-21823

CVE-2023-21823, with a CVSS score of 7.8, is a critical flaw in the Windows Graphics component. “CVE-2023-21823 shares similarities with previous vulnerabilities, but targets a different component of the Windows Graphics system,” Mike Walters, vice president of vulnerability and threat research at Action1, told Spiceworks.

This vulnerability is relatively easy to exploit, utilizes a local vector, requires a low level of access, and does not require user interaction. All Windows operating systems starting with Windows 7 are vulnerable to this issue. Microsoft has confirmed that this vulnerability is currently being exploited in the wild, but a proof of concept has not yet been made public.

Although CVE-2023-21823 is an RCE flaw, Microsoft notes that its attack vector is local, which means exploits must be performed locally. It has low attack complexity and low privilege requirements, and it requires no user interaction.

CVE-2023-23376

Similar to CVE-2023-21823, CVE-2023-23376 (CVSS score of 7.8) also has a low attack complexity, requires low privileges, and does not require user interaction. This is an EoP flaw present in the Windows Common Log File System Driver.

Dustin Childs, head of threat awareness for Trend Micro’s Zero Day Initiative, pointed out that CVE-2023-23376 is part of another RCE bug that spreads malware and ransomware. This affects not only Windows 10 and 11, but also Windows Server 2008, 2012, 2016, 2019 and 2022.

“Identified by the Microsoft Threat Intelligence Center, this vulnerability actively exploits devices with existing system access and is a result of how the CLFS driver interacts with objects in memory on the system,” says Peter Pflaster, Product Marketing Manager at Automox.

Exploitation of this vulnerability requires a malicious person to log in and execute a maliciously crafted binary to elevate their privilege level. An attacker who successfully exploited this vulnerability could gain system privileges.

CVE-2023-21715

CVE-2023-21715 (CVSS score 7.3) is an SFB bug in Microsoft Office with low attack complexity and low privilege requirements. However, user interaction is required.

Successful exploitation of CVE-2023-21715 allows an attacker to use a specially crafted document to bypass Office macro defenses and execute code blocked by policy. Only Publisher installations offered as part of Microsoft 365 Apps for Enterprise are listed as affected, writes a Rapid7 expert in a blog post.

Other Critical Vulnerabilities from February Patch Tuesday

Ankit Malhotra, Engineering Manager at Qualys, added: CVE-2023-21808, CVE-2023-21815, CVE-2023-23381).

Lam emphasized the importance of last year’s Microsoft Autopatch release. He told Spiceworks: “Luckily for many organizations, the automated patching feature makes Patch Tuesday a breeze. This makes applying the update much easier and closes the door firmly on what was known as Exploit Wednesday.”

For organizations that have Autopatch available but have not yet enabled the feature, we recommend that you do so now. This feature relieves a heavy burden on overburdened IT teams and helps keep systems secure and up-to-date.

