Patches for 75 vulnerabilities


The February 2023 Patchday release contains patches for 75 CVEs: nine rated critical and 66 rated important. Among them are elevation of privilege flaws in Windows, a security feature bypass in Microsoft Office, and vulnerabilities in Microsoft Exchange Server.

This month Microsoft fixed three zero-day vulnerabilities exploited by attackers in the wild, including two elevation of privilege bugs and one security feature bypass bug.


CVE-2023-23376

Microsoft has patched CVE-2023-23376, an elevation of privilege bug in the Common Log File System (CLFS) driver. Its discovery is credited to researchers at the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC), although details of its exploitation in the wild have not yet been released. Interestingly, Microsoft patched two similar bugs in the CLFS driver in 2022. CVE-2022-37969 was patched as part of the April 2022 patchday release and is credited to researchers at NSA and CrowdStrike, while CVE-2022-37969 was patched as part of the September 2022 patchday and is credited to multiple research institutions.

CVE-2023-21823

CVE-2023-21823 is an additional elevation of privilege flaw, this time in the Microsoft Windows graphics component, that has been exploited in the wild. The ability to elevate privileges once on a target system is important for attackers who want to cause more damage. These vulnerabilities are useful in a variety of contexts, whether an attacker is launching an attack by exploiting known vulnerabilities or through spear phishing and malware payloads, which is why we routinely see elevation of privilege vulnerabilities that have been exploited in the wild appear in Patchday releases. Client researchers have been credited with discovering this bug.


CVE-2023-21715

CVE-2023-21715 is a security feature bypass in Microsoft Office. This vulnerability was also exploited in the wild. A local, authenticated attacker could exploit this vulnerability by using social engineering techniques to convince a would-be victim to run a specially crafted file on their system, which would result in bypassing Microsoft Office security features that would typically block the execution of macros. Its discovery is credited to Hidetake Jo, a researcher at Microsoft.

Microsoft Exchange Server

Microsoft has also patched three vulnerabilities in Microsoft Exchange Server (CVE-2023-21706, CVE-2023-21707, CVE-2023-21529) that are classified as more likely to be exploited. In recent years, Microsoft Exchange Servers around the world have been hit by multiple vulnerabilities ranging from ProxyLogon to ProxyShell and more recently ProxyNotShell, OWASSRF and TabShell. These vulnerabilities have become valuable assets for actors ranging from state-sponsored cybercriminals from Iran, Russia, and the People's Republic of China to ransomware groups and their affiliates in devastating ransomware attacks. We strongly encourage organizations that rely on Microsoft Exchange Server to ensure they have the latest cumulative updates for Exchange Server applied.

More at Tenable.com

 


About Tenable

Tenable is a Cyber Exposure company. Over 24,000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.


 
