Microsoft February 2023 Patch Tuesday Addresses 77 Vulnerabilities Including 3 Zero-Day!

Microsoft has released February 2023 Patch Tuesday security updates, addressing 77 vulnerabilities. 9 are classified as critical as they allow the most severe type of vulnerability remote code execution, and 68 are classified as important. The products covered in the February security update include Windows Graphics Component, Microsoft Publisher, Windows Common Log File System Driver, .NET Framework, 3D Builder, Azure App Service, Azure Data Box Gateway, Azure DevOps, etc. The solution for this problem is a good vulnerability management tool.

This Microsoft February 2023 Patch Tuesday fixes threezero-day vulnerability that is known to be actively exploited (CVE-2023-21823, CVE-2023-21715, CVE-2023-23376). These vulnerabilities came to light with the help of a vulnerability management software.

CVE-2023-21823 | Windows Graphics Component Remote Code Execution VulnerabilityThis vulnerability has a CVSSv3.1 score of 7.8 out of 10. This vulnerability allows remote attackers to execute commands with the highest level of privileges, called SYSTEM privileges, on a Windows system. This can give the attacker complete control over the targeted system if exploited.

CVE-2023-21715 | Microsoft Publisher Security Features Bypass VulnerabilityThis vulnerability has a CVSSv3.1 score of 7.3 out of 10. This vulnerability allows malicious macros in Publisher documents to run without warning the user, even if the user has enabled macro policies to block such files. An attacker with authentication to the system could exploit this flaw by tricking the victim into downloading and opening a specially crafted file, leading to a local attack on the victim’s computer.

CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege VulnerabilityThis vulnerability has a CVSSv3.1 score of 7.8 out of 10. This vulnerability enables attackers to gain SYSTEM privileges, which provide them with complete control over a system. This level of access allows them to perform any action, including installing or deleting programs and modifying or deleting data.

This Patch Tuesday addresses nine security vulnerabilities categorized as “Critical.” These vulnerabilities can pose a significant threat to the security of the affected devices. If exploited, they could allow remote code execution, enabling attackers to gain control of systems and perform various malicious activities.

• .NET and Visual Studio

• .NET Framework

• 3D Builder

• Azure App Service

• Azure Data Box Gateway

• Azure DevOps

• Azure Machine Learning

• HoloLens

• Internet Storage Name Service

• Microsoft Defender for Endpoint

• Microsoft Defender for IoT

• Microsoft Dynamics

• Microsoft Edge (Chromium-based)

• Microsoft Exchange Server

• Microsoft Graphics Component

• Microsoft Office

• Microsoft Office OneNote

• Microsoft Office Publisher

• Microsoft Office SharePoint

• Microsoft Office Word

• Microsoft PostScript Printer Driver

• Microsoft WDAC OLE DB provider for SQL

• Microsoft Windows Codecs Library

• Power BI

• SQL Server

• Visual Studio

Product: Microsoft WindowsCVEs/Advisory: CVE-2023-21684, CVE-2023-21685, CVE-2023-21686, CVE-2023-21687, CVE-2023-21688, CVE-2023-21689, CVE-2023-21690, CVE-2023-21691, CVE-2023-21692, CVE-2023-21693, CVE-2023-21694, CVE-2023-21695, CVE-2023-21697, CVE-2023-21699, CVE-2023-21700, CVE-2023-21701, CVE-2023-21702, CVE-2023-21797, CVE-2023-21798, CVE-2023-21799, CVE-2023-21801, CVE-2023-21802, CVE-2023-21803, CVE-2023-21804, CVE-2023-21805, CVE-2023-21811, CVE-2023-21812, CVE-2023-21813, CVE-2023-21816, CVE-2023-21817, CVE-2023-21818, CVE-2023-21819, CVE-2023-21820, CVE-2023-21822, CVE-2023-21823, CVE-2023-23376Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code ExecutionKB’s: 5022834, 5022835, 5022836, 5022838, 5022840, 5022842, 5022845, 5022858, 5022894, 5022895, 5022899, 5022903

Product: Microsoft Visual StudioCVEs/Advisory: CVE-2022-23521, CVE-2023-21566, CVE-2023-21567, CVE-2023-21808, CVE-2023-21815, CVE-2023-23381, CVE-2023-41953Impact: Denial of Service, Elevation of Privilege, Remote Code Execution

Product: .NET FrameworkCVEs/Advisory: CVE-2023-21722, CVE-2023-21808Impact: Denial of Service, Remote Code ExecutionKB’s: 5022497, 5022503, 5022727, 5022728, 5022729, 5022730, 5022731, 5022732, 5022733, 5022734, 5022735, 5022782, 5022783, 5022784, 5022785, 5022786, 5022838, 5022858

SanerNow VMand SanerNow PM detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow and keep your systems updated and secure.