Microsoft’s Patch Tuesday for February fixes 3 zero-day bugs and more

TechSpot is about to celebrate its 25th anniversary. TechSpot means tech analysis and advice you can trust.

Why it matters: ‘Patch Tuesday’ is the unofficial term used by Microsoft for its monthly release of bugfixes for Windows and other software products. Like every other month since October 2003, Microsoft patched a lot of flaws in February that could make hackers’ malicious jobs easier.

Yesterday’s Valentine’s Day was a day for lovers, martyrs, and system administrators, as Microsoft released its monthly batch of security updates for Windows and other products. The Patch Tuesday for February 2023 brought fixes for a remarkable amount of bugs, including three dangerous zero-day flaws that are already being exploited by unknown hackers and cyber-criminals.

According to Microsoft’s official bulletin, the February 2023 Security Updates include bugfixes for several Windows components, the Visual Studio IDE, Azure components, .NET Framework, Microsoft Office applications (Word, Publisher, OneNote, SharePoint), SQL Server and much more. All things considered, the new Patch Tuesday should fix 77 individual security flaws.

Nine out of the 77 flaws have been classified with a “critical” severity level, as they can be abused to allow remote code execution on vulnerable systems. Considering the type of flaws and the effects they could have on Windows and other affected software, Microsoft has classified the vulnerabilities as follows: 12 Elevation of Privilege Vulnerabilities, 2 Security Feature Bypass Vulnerabilities, 38 Remote Code Execution Vulnerabilities, 8 Information Disclosure Vulnerabilities, 10 Denial of Service Vulnerabilities, 8 Spoofing Vulnerabilities. A full report about all solved bugs and related advisories has been published by Bleeping Computer and is available here.

The security flaws patched on February 14 don’t include three vulnerabilities in the Edge browser, which Microsoft already fixed at the beginning of the month. The most interesting – and dangerous – bugs fixed in February’s Patch Tuesday include three zero-day flaws, two of which were discovered in Windows components and the last one in Microsoft Publisher.

Known as CVE-2023-21823, the first zero-day bug is a “Windows Graphics Component Remote Code Execution Vulnerability,” which could provide remote code execution capabilities with SYSTEM privileges. Unlike the other patches, the CVE-2023-21823 fix is being distributed via the Microsoft Store rather than through the usual Windows Update channels. Users who disabled automatic updates for the Store will get this particular update as well.

The second zero-day bug is tracked as CVE-2023-23376, and it’s a “Windows Common Log File System Driver Elevation of Privilege Vulnerability” that an attacker could exploit to gain SYSTEM privileges. Finally, the third zero-day bug was discovered in Microsoft Publisher (CVE-2023-21715), and it could be abused by a maliciously crafted document to bypass Office macro policies and run code with no user warning.

Windows Security Updates for February 2023 are already being distributed through the official Windows Update service, update management systems such as WSUS, the Microsoft Store and as direct downloads from the Microsoft Update Catalog. Other software companies releasing their security updates in sync with Microsoft’s February Patch Tuesday include Adobe, Apple, Atlassian, Cisco, Google, Fortra, and SAP.

Read More
Leigha Roberie

Latest

How to Bet on Soccer: World Cup Betting Guide and Strategies

Soccer This page may contain affiliate links to legal...

Akor Adams transfer: Venezia chief in Spain as Sevilla star nears record-breaking move

Soccer Venezia have stepped up their efforts to sign...

I regret not joining Liverpool – 98-cap Super Eagles star laments

Soccer Nigeria players. Copyright: Imago Super Eagles and Paris FC...

Newsletter

Don't miss

Breitbart Business Digest: Stacking Those $250 Trump Bills

Weekly Wrap: Making It Rain with Trump Bills Welcome back to Friday! This is the Breitbart Business Digest weekly wrap, our septidialogic sweep through the economic and financial news. This week the economy failed to get indigestion from the high price of gas, Treasury Secretary Scott Bessent told us about getting fed at the Fed, Trump

Business seminar in Munich highlights Hong Kong’s strategic roles amidst global shifts (with photos)

Business seminar in Munich highlights Hong Kong's strategic roles amidst global shifts (with photos) ******************************************************************************************      The Hong Kong Economic and Trade Office, Berlin (HKETO Berlin), promoted Hong Kong's unique advantages and strategic roles at the seminar "Hong Kong's strategic role amidst geopolitical tensions" on June 18 (Munich time) in Munich, Germany.             Senior executives, investors

AI for business services: From job fears to productivity

AI for business services: From job fears to productivity