Microsoft Patch Tuesday for February 2023 fixed actively exploited zero-days | Security Affairs


The February 2023 Microsoft Patch Tuesday security updates addressed 75 vulnerabilities, including three actively exploited zero-day bugs.

The February 2023 Microsoft Patch Tuesday security updates fixed 75 vulnerabilities in multiple products, including Microsoft Windows and Windows Components; Office and Office Components; Exchange Server; .NET Core and Visual Studio Code; 3D Builder and Print 3D; Microsoft Azure and Dynamics 365; Defender for IoT and the Malware Protection Engine; and Microsoft Edge (Chromium-based).

Nine of the vulnerabilities addressed this month were rated Critical and 66 were rated Important in severity.

None of the vulnerabilities addressed this month are listed as publicly known, but three flaws are listed as being exploited in the wild at the time of disclosure.

The most serious actively exploited flaw, tracked as CVE-2023-21823, is a Windows Graphics Component remote code execution vulnerability.

The flaw, rated as critical (CVSS score of 7.8), was reported by Genwei Jiang and Dhanesh Kizhakkinan of Mandiant.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” reads the advisory published by Microsoft.

Another actively exploited issue is a Microsoft Office security feature bypass vulnerability tracked as CVE-2023-21715.

The flaw, which is rated as serious (CVSS score of 7.3), was reported by Hidetake Jo.

“The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker can exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially structured file from a website that may lead to a local attack on the victim’s computer,” reads the advisory published by Microsoft. “An attacker who successfully exploited this vulnerability could bypass the Office macro policy used to block untrusted or malicious files.”

Another interesting vulnerability addressed this month is a Windows Common Log File System privilege escalation vulnerability tracked as CVE-2023-23376. An attacker could exploit this vulnerability to gain SYSTEM privileges.
This vulnerability is also actively exploited; it was discovered by the Microsoft Threat Intelligence Center (MSTIC).

The full list of vulnerabilities published by Microsoft for February 2023 is available here.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(Security Affairs: hacking, Microsoft Patch Tuesday)



