Today is Microsoft’s February 2023 Patch Tuesday, and the security updates fix three actively exploited zero-day vulnerabilities and a total of 77 flaws.
Nine vulnerabilities have been classified as ‘Critical’ as they allow remote code execution on vulnerable devices.
The number of bugs in each vulnerability category is listed below:
- 12 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 38 Remote Code Execution Vulnerabilities
- 8 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 8 Spoofing Vulnerabilities
This count does not include three Microsoft Edge vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5022845 and KB5022836 cumulative updates and Windows 10 KB5022834 and KB5022840 updates.
Three zero-days fixed
This month’s Patch Tuesday fixes three zero-day vulnerabilities that were actively exploited in attacks.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The three actively exploited zero-day vulnerabilities fixed in today’s updates are:
CVE-2023-21823 – Windows Graphics Component Remote Code Execution Vulnerability discovered by Dhanesh Kizhakkinan, Genwei Jiang, and Dhanesh Kizhakkinan of Mandiant.
Microsoft says this remote code execution vulnerability allows attackers to execute commands with SYSTEM privileges.
This security update will be pushed out to users via the Microsoft Store rather than Windows Update. Therefore, for those customers who disable automatic updates in the Microsoft Store, Microsoft will not be pushing out the update automatically.
BleepingComputer has contacted Mandiant to learn more about how these vulnerabilities were actively exploited.
CVE-2023-21715 – Microsoft Publisher Security Features Bypass Vulnerability discovered by Hidetake Jo of Microsoft.
The second zero-day vulnerability is in Microsoft Publisher and allows a specially crafted document to bypass Office macro policies that block untrusted or malicious files.
Exploiting this flaw would effectively allow macros in a malicious Publisher document to run without first warning the user.
“The attack itself is carried out locally by a user with authentication to the targeted system,” explains Microsoft.
“An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.”
CVE-2023-23376 – Windows Common Log File System Driver Elevation of Privilege Vulnerability discovered by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).
With the third actively exploited vulnerability, an “attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
BleepingComputer has contacted Microsoft to learn more about how the CVE-2023-21715 and CVE-2023-23376 vulnerabilities were exploited in attacks.
Recent updates from other companies
Other vendors who released updates in February 2023 include:
- Adobe released security updates for numerous products.
- Apple fixed an actively exploited WebKit zero-day vulnerability in iOS and macOS.
- Atlassian released security updates for a critical Jira Service Management Server and Data Center vulnerability.
- Cisco released security updates for multiple products, including Cisco Identity Services, Cisco Broadworks, and the Cisco Email Security appliance.
- Google released the February security updates for Pixel.
- Fortra released a security update for the actively exploited GoAnywhere MFT zero-day flaw.
- SAP has released its February 2023 Patch Day updates.
The February 2023 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities and released advisories in the February 2023 Patch Tuesday updates.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2023-21808 | .NET and Visual Studio Remote Code Execution Vulnerability | Critical |
.NET Framework | CVE-2023-21722 | .NET Framework Denial of Service Vulnerability | Important |
3D Builder | CVE-2023-23390 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-23377 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-23378 | Print 3D Remote Code Execution Vulnerability | Important |
Azure App Service | CVE-2023-21777 | Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability | Important |
Azure Data Box Gateway | CVE-2023-21703 | Azure Data Box Gateway Remote Code Execution Vulnerability | Important |
Azure DevOps | CVE-2023-21564 | Azure DevOps Server Cross-Site Scripting Vulnerability | Important |
Azure DevOps | CVE-2023-21553 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
Azure Machine Learning | CVE-2023-23382 | Azure Machine Learning Compute Instance Information Disclosure Vulnerability | Important |
HoloLens | CVE-2019-15126 | MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device | Unknown |
Internet Storage Name Service | CVE-2023-21699 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | Important |
Internet Storage Name Service | CVE-2023-21697 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | Important |
Mariner | CVE-2022-43552 | Unknown | Unknown |
Microsoft Defender for Endpoint | CVE-2023-21809 | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | Important |
Microsoft Defender for IoT | CVE-2023-23379 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21807 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21573 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21571 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21572 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21778 | Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21570 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2023-23374 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2023-21794 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2023-21720 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Low |
Microsoft Exchange Server | CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21707 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21706 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21529 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-21804 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-21823 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2023-21714 | Microsoft Office Information Disclosure Vulnerability | Important |
Microsoft Office OneNote | CVE-2023-21721 | Microsoft OneNote Spoofing Vulnerability | Important |
Microsoft Office Publisher | CVE-2023-21715 | Microsoft Publisher Security Features Bypass Vulnerability | Important |
Microsoft Office SharePoint | CVE-2023-21717 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important |
Microsoft Office Word | CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability | Critical |
Microsoft PostScript Printer Driver | CVE-2023-21693 | Microsoft PostScript Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-21801 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-21684 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-21686 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-21685 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-21799 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2023-21802 | Windows Media Remote Code Execution Vulnerability | Important |
Power BI | CVE-2023-21806 | Power BI Report Server Spoofing Vulnerability | Important |
SQL Server | CVE-2023-21713 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-21718 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | Critical |
SQL Server | CVE-2023-21528 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-21705 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-21568 | Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-21704 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2023-21566 | Visual Studio Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2023-21815 | Visual Studio Remote Code Execution Vulnerability | Critical |
Visual Studio | CVE-2023-23381 | Visual Studio Remote Code Execution Vulnerability | Critical |
Visual Studio | CVE-2023-21567 | Visual Studio Denial of Service Vulnerability | Important |
Windows Active Directory | CVE-2023-21816 | Windows Active Directory Domain Services API Denial of Service Vulnerability | Important |
Windows ALPC | CVE-2023-21688 | NT OS Kernel Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-21812 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2023-21813 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows Cryptographic Services | CVE-2023-21819 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows Distributed File System (DFS) | CVE-2023-21820 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important |
Windows Fax and Scan Service | CVE-2023-21694 | Windows Fax Service Remote Code Execution Vulnerability | Important |
Windows HTTP.sys | CVE-2023-21687 | HTTP.sys Information Disclosure Vulnerability | Important |
Windows Installer | CVE-2023-21800 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows iSCSI | CVE-2023-21803 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | Critical |
Windows iSCSI | CVE-2023-21700 | Windows iSCSI Discovery Service Denial of Service Vulnerability | Important |
Windows iSCSI | CVE-2023-21702 | Windows iSCSI Service Denial of Service Vulnerability | Important |
Windows iSCSI | CVE-2023-21811 | Windows iSCSI Service Denial of Service Vulnerability | Important |
Windows Kerberos | CVE-2023-21817 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows MSHTML Platform | CVE-2023-21805 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
Windows ODBC Driver | CVE-2023-21797 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows ODBC Driver | CVE-2023-21798 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows Protected EAP (PEAP) | CVE-2023-21695 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Important |
Windows Protected EAP (PEAP) | CVE-2023-21701 | Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | Important |
Windows Protected EAP (PEAP) | CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical |
Windows Protected EAP (PEAP) | CVE-2023-21691 | Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | Important |
Windows Protected EAP (PEAP) | CVE-2023-21690 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical |
Windows Protected EAP (PEAP) | CVE-2023-21689 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical |
Windows SChannel | CVE-2023-21818 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows Win32K | CVE-2023-21822 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Source: www.bleepingcomputer.com