Microsoft Release Patches: Update your system Now
Description:
Microsoft released patches for 75 flaws on its February 2023 Patch Tuesday along with the three actively exploited Windows zero-day vulnerabilities. Three zero-day vulnerabilities were related to Microsoft Edge.
Among 75 flaws, 9 were rated as critical, and 66 were rated as important. 36 of the vulnerabilities were classified as remote code execution (RCE) flaws, 12 of them as Elevation of Privilege, 10 as Denial of Service, 8 as Spoofing, 7 as Information Disclosure, and 2 of them as Security Feature Bypass. The updates include fixes for vulnerabilities in Windows OS and its components.
The three zero-days that have been exploited were:
CVE-2023-21715 is a Security Feature Bypass Vulnerability that needs the local, authenticated user to download and open an attacker-created file on a vulnerable system. To properly exploit this weakness, an attacker would need to convince the victim to download and run the file.
CVE-2023-21823 is an Elevation of Privilege Vulnerability on Microsoft Windows Graphics Component. An attacker must log into a susceptible system and run a specially created program to exploit this vulnerability.
CVE-2023-23376 is also an Elevation of Privilege Vulnerability on the Windows Common Log File System component which manages and maintains high performance, transaction-based log file system. Once an attacker has acquired access to a target, they can take advantage of this vulnerability.
CVE_IDs:
- CVE-2023-21715
- CVE-2023-21823
- CVE-2023-23376
CVSS by CVEs:
- 7.3
- 7.8
- 7.8
Source:
- https://thehackernews.com/2023/02/update-now-microsoft-releases-patches.html
- https://www.tenable.com/blog/microsofts-february-2023-patch-tuesday-addresses-75-cves-cve-2023-23376
Impact:
- CVE-2023-21715 allows attackers to bypass a security feature in Microsoft Publisher, specifically Office macro policies designed to block untrusted or malicious files.
- Successful exploitation of CVE-2023-21823 vulnerability leads to remote code execution and a total takeover of a vulnerable system.
- The exploitation of CVE-2023-21823 could allow attackers to gain SYSTEM privileges on a target host.
Recommendation:
- Apply the security update patch provided by the manufacturer as soon as possible to permanently close the vulnerabilities.