You are currently viewing Microsoft February 2023 Patch Tuesday Addresses 77 Vulnerabilities Including 3 Zero-Day!

Microsoft February 2023 Patch Tuesday Addresses 77 Vulnerabilities Including 3 Zero-Day!

Microsoft has released February 2023 Patch Tuesday security updates, addressing 77 vulnerabilities. 9 are classified as critical as they allow the most severe type of vulnerability remote code execution, and 68 are classified as important. The products covered in the February security update include Windows Graphics Component, Microsoft Publisher, Windows Common Log File System Driver, .NET Framework, 3D Builder, Azure App Service, Azure Data Box Gateway, Azure DevOps, etc. The solution for this problem is a good vulnerability management tool.

This Microsoft February 2023 Patch Tuesday fixes three zero-day vulnerability that is known to be actively exploited (CVE-2023-21823, CVE-2023-21715, CVE-2023-23376). These vulnerabilities came to light with the help of a vulnerability management system.



Zero-Days Vulnerabilities

CVE-2023-21823 | Windows Graphics Component Remote Code Execution Vulnerability
This vulnerability has a CVSSv3.1 score of 7.8 out of 10. This vulnerability allows remote attackers to execute commands with the highest level of privileges, called SYSTEM privileges, on a Windows system. This can give the attacker complete control over the targeted system if exploited.

CVE-2023-21715 | Microsoft Publisher Security Features Bypass Vulnerability
This vulnerability has a CVSSv3.1 score of 7.3 out of 10. This vulnerability allows malicious macros in Publisher documents to run without warning the user, even if the user has enabled macro policies to block such files. An attacker with authentication to the system could exploit this flaw by tricking the victim into downloading and opening a specially crafted file, leading to a local attack on the victim’s computer.

CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
This vulnerability has a CVSSv3.1 score of 7.8 out of 10. This vulnerability enables attackers to gain SYSTEM privileges, which provide them with complete control over a system. This level of access allows them to perform any action, including installing or deleting programs and modifying or deleting data.


Critical Vulnerabilities

This Patch Tuesday addresses nine security vulnerabilities categorized as “Critical.” These vulnerabilities can pose a significant threat to the security of the affected devices. If exploited, they could allow remote code execution, enabling attackers to gain control of systems and perform various malicious activities.

Tag CVE ID CVE Title Severity
.NET and Visual Studio CVE-2023-21808 .NET and Visual Studio Remote Code Execution Vulnerability Critical
Microsoft Office Word CVE-2023-21716 Microsoft Word Remote Code Execution Vulnerability Critical
SQL Server CVE-2023-21718 Microsoft SQL ODBC Driver Remote Code Execution Vulnerability Critical
Visual Studio CVE-2023-23381 Visual Studio Remote Code Execution Vulnerability Critical
Visual Studio CVE-2023-21815 Visual Studio Remote Code Execution Vulnerability Critical
Windows iSCSI CVE-2023-21803 Windows iSCSI Discovery Service Remote Code Execution Vulnerability Critical
Windows Protected EAP (PEAP) CVE-2023-21692 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Critical
Windows Protected EAP (PEAP) CVE-2023-21690 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Critical
Windows Protected EAP (PEAP) CVE-2023-21689 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Critical


Microsoft security bulletin summary for February 2023

      • .NET and Visual Studio

      • .NET Framework

      • 3D Builder

      • Azure App Service

      • Azure Data Box Gateway

      • Azure DevOps

      • Azure Machine Learning

      • HoloLens

      • Internet Storage Name Service

      • Microsoft Defender for Endpoint

      • Microsoft Defender for IoT

      • Microsoft Dynamics

      • Microsoft Edge (Chromium-based)

      • Microsoft Exchange Server

      • Microsoft Graphics Component

      • Microsoft Office

      • Microsoft Office OneNote

      • Microsoft Office Publisher

      • Microsoft Office SharePoint

      • Microsoft Office Word

      • Microsoft PostScript Printer Driver

      • Microsoft WDAC OLE DB provider for SQL

      • Microsoft Windows Codecs Library

      • Power BI

      • SQL Server

      • Visual Studio


    Product: Microsoft Windows
    CVEs/Advisory: CVE-2023-21684, CVE-2023-21685, CVE-2023-21686, CVE-2023-21687, CVE-2023-21688, CVE-2023-21689, CVE-2023-21690, CVE-2023-21691, CVE-2023-21692, CVE-2023-21693, CVE-2023-21694, CVE-2023-21695, CVE-2023-21697, CVE-2023-21699, CVE-2023-21700, CVE-2023-21701, CVE-2023-21702, CVE-2023-21797, CVE-2023-21798, CVE-2023-21799, CVE-2023-21801, CVE-2023-21802, CVE-2023-21803, CVE-2023-21804, CVE-2023-21805, CVE-2023-21811, CVE-2023-21812, CVE-2023-21813, CVE-2023-21816, CVE-2023-21817, CVE-2023-21818, CVE-2023-21819, CVE-2023-21820, CVE-2023-21822, CVE-2023-21823, CVE-2023-23376
    Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution
    KB’s: 5022834, 5022835, 5022836, 5022838, 5022840, 5022842, 5022845, 5022858, 5022894, 5022895, 5022899, 5022903

    Product: Microsoft Visual Studio
    CVEs/Advisory: CVE-2022-23521, CVE-2023-21566, CVE-2023-21567, CVE-2023-21808, CVE-2023-21815, CVE-2023-23381, CVE-2023-41953
    Impact: Denial of Service, Elevation of Privilege, Remote Code Execution

    Product: .NET Framework
    CVEs/Advisory: CVE-2023-21722, CVE-2023-21808
    Impact: Denial of Service, Remote Code Execution
    KB’s: 5022497, 5022503, 5022727, 5022728, 5022729, 5022730, 5022731, 5022732, 5022733, 5022734, 5022735, 5022782, 5022783, 5022784, 5022785, 5022786, 5022838, 5022858


    SanerNow VM and SanerNow PM detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow and keep your systems updated and secure.