Black Arrow Cyber Advisory 15/02/2023 – Microsoft Patch Tuesday – 75 patches and Three Actively Exploited Vulnerabilities
Executive summary
Microsoft’s February Patch Tuesday provides updates to address 75 security issues across its product range, including three actively exploited zero-days.
Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are classified as remote code execution (RCE) flaws.
The three exploited zero-day vulnerabilities include a security bypass vulnerability, remote execution vulnerability and an elevation of privileges vulnerability. Also among the updates provided by Microsoft were 9 critical vulnerabilities.
What’s the risk to me or my business?
The actively exploited vulnerabilities could allow an attacker to bypass security features to upload malicious files, remotely execute code and gain SYSTEM privileges; all of which could compromise the confidentiality, integrity and availability of data stored by an organisation.
What can I do?
Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerabilities and all other vulnerabilities that have a critical severity rating.
Technical Summary
The following is a breakdown of the actively exploited vulnerabilities which affected Microsoft Operating Systems:
CVE-2023-21715: A vulnerability which allows a local user with authentication to bypass Microsoft Office macro policies used to block untrusted or malicious files.
CVE-2023-21823: A remote code execution vulnerability which allows an attacker to execute code with system privileges, effectively providing them with unlimited permission. Microsoft Store will automatically update affected customers, providing automatic updates are enabled in the Store.
CVE-2023-23376: A vulnerability which allows a successful attacker to gain SYSTEM privileges, effectively providing them with unlimited permission.
Further details on other specific updates within this patch Tuesday can be found here: https://www.ghacks.net/2023/02/14/microsoft-windows-security-updates-february-2023-overview/
Further details about CVE-2023-21715 can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715
Further details about CVE-2023-21823 can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823
Further details about CVE-2023-23376 can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376