February 2023 Patch Tuesday | Microsoft Fixes 3 Actively Exploited Zero-Days

Microsoft released major security updates for a total of 75 Windows vulnerabilities, nine of which are rated “Critical” and 66 of which are rated “Important.” Three of them are zero-days that have been exploited in the wild. The full list can be found in the latest Microsoft Security Update Guide. Here’s what you need to know.

What is the situation?

The three actively exploited zero-day vulnerabilities fixed in the updates are:

  • CVE-2023-21715 – Microsoft Publisher Security Feature Bypass Vulnerability
  • CVE-2023-23376 – Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability
  • CVE-2023-21823 – Windows Graphics Component Remote Code Execution (RCE) Vulnerability

For the first vulnerability, CVE-2023-21715 (rated important), the attack must be carried out by a local user who is already authenticated. If an attacker can use social engineering to lure a victim into downloading and executing a malicious file locally, macros in malicious Publisher documents could run without warning the user.

The second zero-day, CVE-2023-23376 (rated important), is described by Microsoft only as “an attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”

The third zero-day patched, CVE-2023-21823 (rated important), is described as a remote code execution vulnerability that allows attackers to execute commands with SYSTEM privileges.

Additionally, all nine critical vulnerabilities patched by Microsoft are RCE vulnerabilities, affecting components such as Microsoft Word, drivers, Visual Studio, iSCSI Discovery Service and Microsoft Protected Extensible Authentication Protocol (PEAP).

What is Nuspire doing?

Nuspire applies patches when released in accordance with vendor recommendations.

What should I do?

Due to the wide use of Microsoft Windows, threat actors are quick to pounce on vulnerabilities affecting the operating system. Organizations should ensure they are prioritizing Windows updates by criticality and applying them as soon as possible within their environment.

  • More information on February 2023’s security updates can be found here.
  • Organizations should apply patches within their environment as soon as possible, especially as three of these vulnerabilities have already been confirmed by Microsoft to be exploited in the wild.
