Microsoft February 2023 Patch Tuesday
Microsoft today patched 80 different vulnerabilities. This includes the Chromium vulnerabilities affecting Microsoft Edge. Nine vulnerabilities are rated as "Critical" by Microsoft.
Three of the vulnerabilities, all rated "important", are already being exploited:
CVE-2023-21715: Microsoft Publisher Security Feature Bypass. This vulnerability will allow the execution of macros bypassing policies blocking them.
CVE-2023-23376: Windows Common Log File Ssytem Driver Elevation of Privilege Vulnerability
CVE-2023-21823: Windows Graphics Component Remote Code Execution Vulnerability. Patches for this vulnerability may only be available via the Microsoft Store. Make sure you have these updates enabled.
Some additional vulnerabilities of interest:
CVE-2023-21803: Windows iSCSI Discovery Service Remote Code Execution Vulnerability. Likely not the most common issue to be patched this month, but something that may easily be missed. This vulnerability, if exploited, could be used for lateral movement.
CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability. Word is always a great target as it offers a large attack surface. No known exploit for this vulnerability, but its CVSS score of 9.8 will attract some attention. The rating of "critical" implies that it is not necessary to open the document to trigger the vulnerability.
Visual Studio: Several vulnerabilities, two of them critical, affect Visual Studio. Attacks against developers are often not well documented but appear on the rise.
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| curl use after free vulnerability affecting CBL Mariner 2.0 | |||||||
| CVE-2022-43552 | No | No | - | - | - | ||
| .NET Framework Denial of Service Vulnerability | |||||||
| CVE-2023-21722 | No | No | Less Likely | Less Likely | Important | 4.4 | 3.9 |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2023-21808 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| 3D Builder Remote Code Execution Vulnerability | |||||||
| CVE-2023-23377 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2023-23390 | No | No | - | - | Important | 7.8 | 6.8 |
| Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability | |||||||
| CVE-2023-21777 | No | No | - | - | Important | 8.7 | 7.6 |
| Azure Data Box Gateway Remote Code Execution Vulnerability | |||||||
| CVE-2023-21703 | No | No | - | - | Important | 6.5 | 5.7 |
| Azure DevOps Server Cross-Site Scripting Vulnerability | |||||||
| CVE-2023-21564 | No | No | - | - | Important | 7.1 | 6.2 |
| Azure DevOps Server Remote Code Execution Vulnerability | |||||||
| CVE-2023-21553 | No | No | - | - | Important | 7.5 | 6.5 |
| Azure Machine Learning Compute Instance Information Disclosure Vulnerability | |||||||
| CVE-2023-23382 | No | No | - | - | Important | 6.5 | 5.7 |
| HTTP.sys Information Disclosure Vulnerability | |||||||
| CVE-2023-21687 | No | No | - | - | Important | 5.5 | 4.8 |
| MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device | |||||||
| CVE-2019-15126 | No | No | - | - | - | ||
| Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | |||||||
| CVE-2023-21809 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | |||||||
| CVE-2023-23379 | No | No | - | - | Important | 6.4 | 5.6 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||||
| CVE-2023-21807 | No | No | Unlikely | Less Likely | Important | 5.8 | 5.1 |
| CVE-2023-21570 | No | No | - | - | Important | 5.4 | 4.7 |
| CVE-2023-21571 | No | No | - | - | Important | 5.4 | 4.7 |
| CVE-2023-21572 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2023-21573 | No | No | - | - | Important | 5.4 | 4.7 |
| Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | |||||||
| CVE-2023-21778 | No | No | Less Likely | Less Likely | Important | 8.3 | 7.2 |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||||
| CVE-2023-23374 | No | No | Less Likely | Less Likely | Moderate | 8.3 | 7.2 |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||||
| CVE-2023-21794 | No | No | Less Likely | Less Likely | Low | 4.3 | 3.9 |
| Microsoft Edge (Chromium-based) Tampering Vulnerability | |||||||
| CVE-2023-21720 | No | No | Less Likely | Less Likely | Low | 5.3 | 4.8 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||||
| CVE-2023-21706 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2023-21707 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2023-21529 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2023-21710 | No | No | - | - | Important | 7.2 | 6.3 |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||||
| CVE-2023-21797 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2023-21798 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||||
| CVE-2023-21704 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Office Information Disclosure Vulnerability | |||||||
| CVE-2023-21714 | No | No | - | - | Important | 5.5 | 4.8 |
| Microsoft OneNote Spoofing Vulnerability | |||||||
| CVE-2023-21721 | No | No | - | - | Important | 6.5 | 5.7 |
| Microsoft PostScript Printer Driver Information Disclosure Vulnerability | |||||||
| CVE-2023-21693 | No | No | - | - | Important | 5.7 | 5.1 |
| Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | |||||||
| CVE-2023-21684 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2023-21801 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | |||||||
| CVE-2023-21701 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | |||||||
| CVE-2023-21691 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | |||||||
| CVE-2023-21689 | No | No | - | - | Critical | 9.8 | 8.5 |
| CVE-2023-21690 | No | No | - | - | Critical | 9.8 | 8.5 |
| CVE-2023-21692 | No | No | - | - | Critical | 9.8 | 8.5 |
| CVE-2023-21695 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Publisher Security Features Bypass Vulnerability | |||||||
| CVE-2023-21715 | No | Yes | - | - | Important | 7.3 | 6.4 |
| Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | |||||||
| CVE-2023-21718 | No | No | - | - | Critical | 7.8 | 6.8 |
| Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability | |||||||
| CVE-2023-21568 | No | No | - | - | Important | 7.3 | 6.4 |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||||
| CVE-2023-21528 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2023-21705 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2023-21713 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||||
| CVE-2023-21717 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||||
| CVE-2023-21799 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2023-21685 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2023-21686 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Word Remote Code Execution Vulnerability | |||||||
| CVE-2023-21716 | No | No | - | - | Critical | 9.8 | 8.5 |
| NT OS Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2023-21688 | No | No | - | - | Important | 7.8 | 6.8 |
| Power BI Report Server Spoofing Vulnerability | |||||||
| CVE-2023-21806 | No | No | - | - | Important | 8.2 | 7.1 |
| Print 3D Remote Code Execution Vulnerability | |||||||
| CVE-2023-23378 | No | No | - | - | Important | 7.8 | 7.1 |
| Visual Studio Denial of Service Vulnerability | |||||||
| CVE-2023-21567 | No | No | More Likely | Less Likely | Important | 5.6 | 5.1 |
| Visual Studio Elevation of Privilege Vulnerability | |||||||
| CVE-2023-21566 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2023-21815 | No | No | - | - | Critical | 8.4 | 7.3 |
| CVE-2023-23381 | No | No | - | - | Critical | 8.4 | 7.3 |
| Windows Active Directory Domain Services API Denial of Service Vulnerability | |||||||
| CVE-2023-21816 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2023-21812 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2023-23376 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | |||||||
| CVE-2023-21820 | No | No | - | - | Important | 7.4 | 6.4 |
| Windows Fax Service Remote Code Execution Vulnerability | |||||||
| CVE-2023-21694 | No | No | - | - | Important | 6.8 | 5.9 |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||||
| CVE-2023-21804 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2023-21822 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| CVE-2023-21823 | No | Yes | - | - | Important | 7.8 | 7.5 |
| Windows Installer Elevation of Privilege Vulnerability | |||||||
| CVE-2023-21800 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | |||||||
| CVE-2023-21697 | No | No | - | - | Important | 6.2 | 5.4 |
| CVE-2023-21699 | No | No | - | - | Important | 5.3 | 4.6 |
| Windows Kerberos Elevation of Privilege Vulnerability | |||||||
| CVE-2023-21817 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||||
| CVE-2023-21805 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Media Remote Code Execution Vulnerability | |||||||
| CVE-2023-21802 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Secure Channel Denial of Service Vulnerability | |||||||
| CVE-2023-21813 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| CVE-2023-21818 | No | No | More Likely | More Likely | Important | 7.5 | 6.5 |
| CVE-2023-21819 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows iSCSI Discovery Service Denial of Service Vulnerability | |||||||
| CVE-2023-21700 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows iSCSI Discovery Service Remote Code Execution Vulnerability | |||||||
| CVE-2023-21803 | No | No | - | - | Critical | 9.8 | 8.5 |
| Windows iSCSI Service Denial of Service Vulnerability | |||||||
| CVE-2023-21811 | No | No | - | - | Important | 7.5 | 6.5 |
| CVE-2023-21702 | No | No | - | - | Important | 7.5 | 6.5 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
ISC Stormcast For Tuesday, February 14th, 2023 https://isc.sans.edu/podcastdetail.html?id=8368
×
![modal content]()
Diary Archives
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago