My next class:
Network Monitoring and Threat Detection In-Depth, Singapore, Nov 18th - Nov 23rd 2024

Microsoft February 2023 Patch Tuesday

Published: 2023-02-14. Last Updated: 2023-02-15 01:19:13 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

 

Microsoft today patched 80 different vulnerabilities. This includes the Chromium vulnerabilities affecting Microsoft Edge. Nine vulnerabilities are rated as "Critical" by Microsoft.

Three of the vulnerabilities, all rated "important", are already being exploited:

CVE-2023-21715: Microsoft Publisher Security Feature Bypass. This vulnerability allows macros to execute, bypassing the policies that block them.

CVE-2023-23376: Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2023-21823: Windows Graphics Component Remote Code Execution Vulnerability. Patches for this vulnerability may only be available via the Microsoft Store. Make sure you have these updates enabled.

Some additional vulnerabilities of interest:

CVE-2023-21803: Windows iSCSI Discovery Service Remote Code Execution Vulnerability. Likely not the most common issue to be patched this month, but something that may easily be missed. This vulnerability, if exploited, could be used for lateral movement.

CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability. Word is always a great target as it offers a large attack surface. No known exploit for this vulnerability, but its CVSS score of 9.8 will attract some attention. The rating of "critical" implies that it is not necessary to open the document to trigger the vulnerability.

Visual Studio: Several vulnerabilities, two of them critical, affect Visual Studio. Attacks against developers are often not well documented but appear to be on the rise.

 

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| curl use after free vulnerability affecting CBL Mariner 2.0 | CVE-2022-43552 | No | No | - | - | - | | |
| .NET Framework Denial of Service Vulnerability | CVE-2023-21722 | No | No | Less Likely | Less Likely | Important | 4.4 | 3.9 |
| .NET and Visual Studio Remote Code Execution Vulnerability | CVE-2023-21808 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
| 3D Builder Remote Code Execution Vulnerability | CVE-2023-23377 | No | No | - | - | Important | 7.8 | 6.8 |
| 3D Builder Remote Code Execution Vulnerability | CVE-2023-23390 | No | No | - | - | Important | 7.8 | 6.8 |
| Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability | CVE-2023-21777 | No | No | - | - | Important | 8.7 | 7.6 |
| Azure Data Box Gateway Remote Code Execution Vulnerability | CVE-2023-21703 | No | No | - | - | Important | 6.5 | 5.7 |
| Azure DevOps Server Cross-Site Scripting Vulnerability | CVE-2023-21564 | No | No | - | - | Important | 7.1 | 6.2 |
| Azure DevOps Server Remote Code Execution Vulnerability | CVE-2023-21553 | No | No | - | - | Important | 7.5 | 6.5 |
| Azure Machine Learning Compute Instance Information Disclosure Vulnerability | CVE-2023-23382 | No | No | - | - | Important | 6.5 | 5.7 |
| HTTP.sys Information Disclosure Vulnerability | CVE-2023-21687 | No | No | - | - | Important | 5.5 | 4.8 |
| MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device | CVE-2019-15126 | No | No | - | - | - | | |
| Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | CVE-2023-21809 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | CVE-2023-23379 | No | No | - | - | Important | 6.4 | 5.6 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2023-21807 | No | No | Unlikely | Less Likely | Important | 5.8 | 5.1 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2023-21570 | No | No | - | - | Important | 5.4 | 4.7 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2023-21571 | No | No | - | - | Important | 5.4 | 4.7 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2023-21572 | No | No | - | - | Important | 6.5 | 5.7 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2023-21573 | No | No | - | - | Important | 5.4 | 4.7 |
| Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | CVE-2023-21778 | No | No | Less Likely | Less Likely | Important | 8.3 | 7.2 |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | CVE-2023-23374 | No | No | Less Likely | Less Likely | Moderate | 8.3 | 7.2 |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | CVE-2023-21794 | No | No | Less Likely | Less Likely | Low | 4.3 | 3.9 |
| Microsoft Edge (Chromium-based) Tampering Vulnerability | CVE-2023-21720 | No | No | Less Likely | Less Likely | Low | 5.3 | 4.8 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2023-21706 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2023-21707 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2023-21529 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2023-21710 | No | No | - | - | Important | 7.2 | 6.3 |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | CVE-2023-21797 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | CVE-2023-21798 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | CVE-2023-21704 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Office Information Disclosure Vulnerability | CVE-2023-21714 | No | No | - | - | Important | 5.5 | 4.8 |
| Microsoft OneNote Spoofing Vulnerability | CVE-2023-21721 | No | No | - | - | Important | 6.5 | 5.7 |
| Microsoft PostScript Printer Driver Information Disclosure Vulnerability | CVE-2023-21693 | No | No | - | - | Important | 5.7 | 5.1 |
| Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | CVE-2023-21684 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | CVE-2023-21801 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | CVE-2023-21701 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | CVE-2023-21691 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | CVE-2023-21689 | No | No | - | - | Critical | 9.8 | 8.5 |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | CVE-2023-21690 | No | No | - | - | Critical | 9.8 | 8.5 |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | CVE-2023-21692 | No | No | - | - | Critical | 9.8 | 8.5 |
| Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | CVE-2023-21695 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Publisher Security Features Bypass Vulnerability | CVE-2023-21715 | No | Yes | - | - | Important | 7.3 | 6.4 |
| Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | CVE-2023-21718 | No | No | - | - | Critical | 7.8 | 6.8 |
| Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability | CVE-2023-21568 | No | No | - | - | Important | 7.3 | 6.4 |
| Microsoft SQL Server Remote Code Execution Vulnerability | CVE-2023-21528 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SQL Server Remote Code Execution Vulnerability | CVE-2023-21705 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft SQL Server Remote Code Execution Vulnerability | CVE-2023-21713 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | CVE-2023-21717 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVE-2023-21799 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVE-2023-21685 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVE-2023-21686 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2023-21716 | No | No | - | - | Critical | 9.8 | 8.5 |
| NT OS Kernel Elevation of Privilege Vulnerability | CVE-2023-21688 | No | No | - | - | Important | 7.8 | 6.8 |
| Power BI Report Server Spoofing Vulnerability | CVE-2023-21806 | No | No | - | - | Important | 8.2 | 7.1 |
| Print 3D Remote Code Execution Vulnerability | CVE-2023-23378 | No | No | - | - | Important | 7.8 | 7.1 |
| Visual Studio Denial of Service Vulnerability | CVE-2023-21567 | No | No | More Likely | Less Likely | Important | 5.6 | 5.1 |
| Visual Studio Elevation of Privilege Vulnerability | CVE-2023-21566 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Remote Code Execution Vulnerability | CVE-2023-21815 | No | No | - | - | Critical | 8.4 | 7.3 |
| Visual Studio Remote Code Execution Vulnerability | CVE-2023-23381 | No | No | - | - | Critical | 8.4 | 7.3 |
| Windows Active Directory Domain Services API Denial of Service Vulnerability | CVE-2023-21816 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2023-21812 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2023-23376 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | CVE-2023-21820 | No | No | - | - | Important | 7.4 | 6.4 |
| Windows Fax Service Remote Code Execution Vulnerability | CVE-2023-21694 | No | No | - | - | Important | 6.8 | 5.9 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2023-21804 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2023-21822 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Graphics Component Remote Code Execution Vulnerability | CVE-2023-21823 | No | Yes | - | - | Important | 7.8 | 7.5 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2023-21800 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | CVE-2023-21697 | No | No | - | - | Important | 6.2 | 5.4 |
| Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | CVE-2023-21699 | No | No | - | - | Important | 5.3 | 4.6 |
| Windows Kerberos Elevation of Privilege Vulnerability | CVE-2023-21817 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2023-21805 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Media Remote Code Execution Vulnerability | CVE-2023-21802 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Secure Channel Denial of Service Vulnerability | CVE-2023-21813 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.5 |
| Windows Secure Channel Denial of Service Vulnerability | CVE-2023-21818 | No | No | More Likely | More Likely | Important | 7.5 | 6.5 |
| Windows Secure Channel Denial of Service Vulnerability | CVE-2023-21819 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows iSCSI Discovery Service Denial of Service Vulnerability | CVE-2023-21700 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows iSCSI Discovery Service Remote Code Execution Vulnerability | CVE-2023-21803 | No | No | - | - | Critical | 9.8 | 8.5 |
| Windows iSCSI Service Denial of Service Vulnerability | CVE-2023-21811 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows iSCSI Service Denial of Service Vulnerability | CVE-2023-21702 | No | No | - | - | Important | 7.5 | 6.5 |

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu


Comments

Virtual Machine with Windows Server 2022 KB5022842 (OS Build 20348.1547) configured with secure boot enabled not booting up (90947)

https://kb.vmware.com/s/article/90947
