Patch Tuesday

Today is Microsoft's February 2023 Patch Tuesday, and security updates fix three actively exploited zero-day vulnerabilities and a total of 77 flaws.

Nine vulnerabilities have been classified as 'Critical' as they allow remote code execution on vulnerable devices.

The number of bugs in each vulnerability category is listed below:

  • 12 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 38 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 10 Denial of Service Vulnerabilities
  • 8 Spoofing Vulnerabilities

This count does not include three Microsoft Edge vulnerabilities fixed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5022845 and KB5022836 cumulative updates and Windows 10 KB5022834 and KB5022840 updates.

Three zero-days fixed

This month's Patch Tuesday fixes three actively exploited zero-day vulnerabilities.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The three actively exploited zero-day vulnerabilities fixed in today's updates are:

CVE-2023-21823 - Windows Graphics Component Remote Code Execution Vulnerability discovered by Genwei Jiang and Dhanesh Kizhakkinan of Mandiant.

Microsoft says this remote code execution vulnerability allows attackers to execute commands with SYSTEM privileges.

This security update will be pushed out to users via the Microsoft Store rather than Windows Update. Therefore, for those customers who disable automatic updates in the Microsoft Store, Microsoft will not be pushing out the update automatically.

BleepingComputer has contacted Mandiant to learn more about how these vulnerabilities were actively exploited.

CVE-2023-21715 - Microsoft Publisher Security Features Bypass Vulnerability discovered by Hidetake Jo of Microsoft.

The second zero-day vulnerability is in Microsoft Publisher and allows a specially crafted document to bypass Office macro policies that block untrusted or malicious files.

Exploiting this flaw would effectively allow macros in a malicious Publisher document to run without first warning the user.

"The attack itself is carried out locally by a user with authentication to the targeted system," explains Microsoft.

"An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer."

CVE-2023-23376 - Windows Common Log File System Driver Elevation of Privilege Vulnerability discovered by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC).

With the third actively exploited vulnerability, an "attacker who successfully exploited this vulnerability could gain SYSTEM privileges."

BleepingComputer has contacted Microsoft to learn more about how the CVE-2023-21715 and CVE-2023-23376 vulnerabilities were exploited in attacks.

Recent updates from other companies

Other vendors who released updates in February 2023 include:

The February 2023 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the February 2023 Patch Tuesday updates. To access the full description of each vulnerability and the systems it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET and Visual Studio | CVE-2023-21808 | .NET and Visual Studio Remote Code Execution Vulnerability | Critical |
| .NET Framework | CVE-2023-21722 | .NET Framework Denial of Service Vulnerability | Important |
| 3D Builder | CVE-2023-23390 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-23377 | 3D Builder Remote Code Execution Vulnerability | Important |
| 3D Builder | CVE-2023-23378 | Print 3D Remote Code Execution Vulnerability | Important |
| Azure App Service | CVE-2023-21777 | Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability | Important |
| Azure Data Box Gateway | CVE-2023-21703 | Azure Data Box Gateway Remote Code Execution Vulnerability | Important |
| Azure DevOps | CVE-2023-21564 | Azure DevOps Server Cross-Site Scripting Vulnerability | Important |
| Azure DevOps | CVE-2023-21553 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
| Azure Machine Learning | CVE-2023-23382 | Azure Machine Learning Compute Instance Information Disclosure Vulnerability | Important |
| HoloLens | CVE-2019-15126 | MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device | Unknown |
| Internet Storage Name Service | CVE-2023-21699 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | Important |
| Internet Storage Name Service | CVE-2023-21697 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | Important |
| Mariner | CVE-2022-43552 | Unknown | Unknown |
| Microsoft Defender for Endpoint | CVE-2023-21809 | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | Important |
| Microsoft Defender for IoT | CVE-2023-23379 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-21807 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-21573 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-21571 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-21572 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-21778 | Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-21570 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-23374 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2023-21794 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2023-21720 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Low |
| Microsoft Exchange Server | CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21707 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21706 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2023-21529 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21804 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2023-21823 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2023-21714 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office OneNote | CVE-2023-21721 | Microsoft OneNote Spoofing Vulnerability | Important |
| Microsoft Office Publisher | CVE-2023-21715 | Microsoft Publisher Security Features Bypass Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-21717 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important |
| Microsoft Office Word | CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft PostScript Printer Driver | CVE-2023-21693 | Microsoft PostScript Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-21801 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-21684 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-21686 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-21685 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-21799 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-21802 | Windows Media Remote Code Execution Vulnerability | Important |
| Power BI | CVE-2023-21806 | Power BI Report Server Spoofing Vulnerability | Important |
| SQL Server | CVE-2023-21713 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2023-21718 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | Critical |
| SQL Server | CVE-2023-21528 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2023-21705 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2023-21568 | Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2023-21704 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2023-21566 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2023-21815 | Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2023-23381 | Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2023-21567 | Visual Studio Denial of Service Vulnerability | Important |
| Windows Active Directory | CVE-2023-21816 | Windows Active Directory Domain Services API Denial of Service Vulnerability | Important |
| Windows ALPC | CVE-2023-21688 | NT OS Kernel Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-21812 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21813 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-21819 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Distributed File System (DFS) | CVE-2023-21820 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important |
| Windows Fax and Scan Service | CVE-2023-21694 | Windows Fax Service Remote Code Execution Vulnerability | Important |
| Windows HTTP.sys | CVE-2023-21687 | HTTP.sys Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2023-21800 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows iSCSI | CVE-2023-21803 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | Critical |
| Windows iSCSI | CVE-2023-21700 | Windows iSCSI Discovery Service Denial of Service Vulnerability | Important |
| Windows iSCSI | CVE-2023-21702 | Windows iSCSI Service Denial of Service Vulnerability | Important |
| Windows iSCSI | CVE-2023-21811 | Windows iSCSI Service Denial of Service Vulnerability | Important |
| Windows Kerberos | CVE-2023-21817 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows MSHTML Platform | CVE-2023-21805 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2023-21797 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows ODBC Driver | CVE-2023-21798 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
| Windows Protected EAP (PEAP) | CVE-2023-21695 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Important |
| Windows Protected EAP (PEAP) | CVE-2023-21701 | Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | Important |
| Windows Protected EAP (PEAP) | CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical |
| Windows Protected EAP (PEAP) | CVE-2023-21691 | Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | Important |
| Windows Protected EAP (PEAP) | CVE-2023-21690 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical |
| Windows Protected EAP (PEAP) | CVE-2023-21689 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical |
| Windows SChannel | CVE-2023-21818 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Win32K | CVE-2023-21822 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
