Microsoft Fixes 3 Actively Exploited Zero-Day in February Patch Tuesday
Three actively exploited zero-day vulnerabilities and a total of 75 flaws are fixed by Microsoft’s security updates and Patch Tuesday for February 2023.
These updates are separate from the 22 vulnerabilities the company recently addressed in Microsoft’s Edge browser, which is based on Chromium. Out of the 75 vulnerabilities, 9 are considered critical, while 66 are rated important.
Among the vulnerabilities are 38 remote code execution, 12 elevation of privilege, 10 denial of service, 8 information disclosure, 8 spoofing, and 2 security feature bypass.
The three actively exploited zero-day flaws that have been patched are as follows:
- CVE-2023-21823 (CVSS score: 7.8)-Windows Graphics Component Elevation of Privilege Vulnerability: It is a remote code execution vulnerability that can grant attackers SYSTEM privileges. The update will be distributed through the Microsoft Store.
- CVE-2023-23376 (CVSS score: 7.8) – Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability: If this vulnerability is successfully exploited, the attacker could potentially gain SYSTEM privileges.
- CVE-2023-21715 (CVSS score: 7.3) – Microsoft Office Security Feature Bypass Vulnerability: This vulnerability could bypass Office macro policies that block malicious or untrusted files. If this flaw is exploited, macros in a Publisher document can run without warning the user. Microsoft states that this vulnerability can only be exploited locally by a user who has authentication to the targeted system.
Out of nine critical vulnerabilities, the following were the most severe. All are remote code execution vulnerabilities. They all received a CVSS score of 8.5:
- CVE-2023-21716: This vulnerability is found in Microsoft Word. An unauthenticated attacker could exploit CVE-2023-21716 by sending a malicious email with an RTF payload. The attacker can then run commands in the application that was used to open the file. The Preview Pane is an attack vector for this vulnerability.
- CVE-2023-21803: The vulnerability resides in Windows iSCSI Discovery Service. An attacker would need the iSCSI Initiator client application to be enabled, which is disabled by default, in order to exploit this vulnerability.
- CVE-2023-21692 & CVE-2023-21690: To attack a PEAP (Microsoft Protected Extensible Authentication Protocol) Server, an unauthenticated attacker could send specially crafted PEAP packets over the network. As mitigation, check that PEAP is not configured as a permitted EAP type on the network policy.
- CVE-2023-21689: This vulnerability also affects PEAP servers. An attacker could attempt to execute malicious code in the context of the server’s account via a network call in order to gain arbitrary or remote code execution. The attacker does not require any user interaction or privileges.
How to Prevent Exploitation?
Apply the patches following Microsoft’s security update guide to protect your systems and products from vulnerabilities as soon as possible.
SOCRadar discovers your assets and continuously monitors them for any emerging security issues, including vulnerabilities; the platform provides actionable intelligence for improved security and assists in better patch prioritization.
Access further details and updates on the vulnerabilities with SOCRadar’s Vulnerability Intelligence.