Three zero-day vulnerabilities are included in Microsoft’s Patch Tuesday collection for February 2023. Not exactly the Valentine’s Day that we had in mind. Microsoft describes a vulnerability as a zero-day if it is publicly reported or actively exploited and no official remedy is available. Only two vulnerabilities appear to have been successfully exploited in the wild.

These updates fix the following zero-days:

Graphics component

CVE-2023-21823 is a remote code execution (RCE) vulnerability in Windows Graphics Components. An attacker who successfully exploits this vulnerability could run commands with SYSTEM privileges.

Note that this update is delivered through the Microsoft Store. Users who have turned off the Microsoft Store’s automatic updates must therefore use the Microsoft Store to download the update manually, following the instructions in the how-to article titled “Get updates for applications and games in the Microsoft Store”. When looking for updates, be sure to select the option for the operating system that is currently installed on your device.

The Microsoft update guide for this issue specifically mentions the OneNote for Android app. AsyncRAT campaigns that use malicious OneNote (.one) attachments have been observed lately, so we hope that this update ends the practice.

Microsoft Publisher

CVE-2023-21715 is a security feature bypass in Microsoft Publisher. Successfully exploiting this issue would allow an attacker to get past Microsoft Publisher’s Office macro restrictions, which are meant to block harmful or dubious files. The attack itself is carried out locally by a user who has access to the targeted system. An authorized attacker could exploit the vulnerability by using social engineering to persuade a victim to download and open a specially constructed file from a website, which could result in a local attack on the victim’s computer.

Although it may seem challenging to exploit, Microsoft claims to have discovered an exploit of this vulnerability.

Windows Common Log File System Driver

CVE-2023-23376 is an escalation of privilege (EoP) vulnerability in the Windows Common Log File System Driver. An attacker who successfully exploits this vulnerability could gain SYSTEM privileges. Microsoft doesn’t mention any other vulnerabilities this EoP has been used in conjunction with, but an EoP like this can be helpful in a chain of flaws.

Other patched vulnerabilities

Patches for three remote code execution problems in Exchange Server that have been flagged as potentially exploitable are also included. Authentication is required for the vulnerabilities CVE-2023-21706, CVE-2023-21707, and CVE-2023-21529.

RCE vulnerability in Microsoft Word: CVE-2023-21716 has a CVSS score of 9.8 out of 10. An unauthenticated attacker could send a malicious email with a Rich Text Format (RTF) payload, allowing them to run commands within the program used to open the malicious file.

Unpatched

Additionally, Microsoft has disclosed a vulnerability in Print 3D, an end-of-life (EOL) programme, identified as CVE-2023-23378. EOL is a term frequently used by software providers to denote that, in their opinion, a product or version of a product has reached the end of its usefulness. Print 3D was discontinued in conjunction with Windows 10 version 1903.

Microsoft has confirmed that it won’t provide a patch to resolve the vulnerability and says users should upgrade to the 3D Builder app.