{"id":608572,"date":"2023-02-16T07:49:11","date_gmt":"2023-02-16T13:49:11","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/02\/16\/microsoft-fixes-three-zero-days-in-february-update\/"},"modified":"2023-02-16T07:49:11","modified_gmt":"2023-02-16T13:49:11","slug":"microsoft-fixes-three-zero-days-in-february-update","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/02\/16\/microsoft-fixes-three-zero-days-in-february-update\/","title":{"rendered":"Microsoft fixes three zero-days in February update"},"content":{"rendered":"<div>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.computerweekly.com\/visuals\/ComputerWeekly\/HeroImages\/data-virus-cyber-attack-freshidea-adobe_searchsitetablet_520X173.jpg\" data-credit=\"freshidea - stock.adobe.com\"  width=\"520\" height=\"173\" alt><\/p>\n<p>freshidea &#8211; stock.adobe.com<\/p>\n<\/p><\/div>\n<div id=\"content-header\">\n<h2>February\u2019s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"Alex Scroxton\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton,<\/a><br \/>\n\t\t\t\t\t\t<span>Security Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>15 Feb 2023 13:30<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>Microsoft has issued fixes for a total of 75 newly discovered <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/Common-Vulnerabilities-and-Exposures-CVE\">common vulnerabilities and 
exposures<\/a> (CVEs) in its February 2023 <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/Patch-Tuesday\">Patch Tuesday<\/a> update, including three zero-day vulnerabilities that, while they have not previously been made public, should be prioritised for patching.<\/p>\n<p>The three zero-days have all been designated of important severity, and carry CVSS scores of 7.3, 7.8 and 7.8 respectively. They are all known to be exploited in the wild.<\/p>\n<p>They are tracked as follows:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21715\">CVE-2023-21715<\/a>, a security feature bypass vulnerability in Microsoft Publisher which could let an attacker bypass Office macro defences using a specially crafted document to run code that would otherwise be blocked. However, this can only be done by a local, authenticated user, and it affects only Publisher installations that are part of the wider Microsoft 365 Apps for Enterprise package.<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21823\">CVE-2023-21823<\/a>, a joint elevation of privilege (EoP) and remote code execution (RCE) vulnerability in Windows Graphics Component, which enables an attacker to gain system-level privileges. It affects Windows 10 and Server 2008 and later editions, as well as Microsoft Office for iOS, Android and Universal \u2013 in these three latter instances, it can lead to RCE, hence its dual nature.<\/li>\n<li>And <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-23376\">CVE-2023-23376<\/a>, another EoP vulnerability in Windows Common Log File System Driver that again enables local privilege escalation to system-level. 
There does not appear to be any mature exploit code that Microsoft is aware of; however, it does warrant a swift fix because it affects the vast majority of Windows hosts.<\/li>\n<\/ul>\n<p>Chris Goettl, vice-president of security products at <a href=\"https:\/\/www.ivanti.com\/en-gb\/\">Ivanti<\/a>, said the fact that the exploited vulnerabilities were all rated as being of lower severity than many of the other squashed bugs should be a valuable lesson for security teams as they go about shoring up their defences.<\/p>\n<p>\u201cOrganisations are urged to expand their prioritisation beyond just vendor severity and CVSS score alone,\u201d said Goettl, \u201cas many exploited vulnerabilities will be less than Critical or CVSS 8.0.\u00a0This emphasises the urgent need to utilise risk-based prioritisation methods in your vulnerability management programme.\u201d\u00a0\u00a0<\/p>\n<section data-menu-title=\"Critical bugs\">\n<h3><i data-icon=\"1\"><\/i>Critical bugs<\/h3>\n<p>The full drop also addresses nine critical CVEs, all leading to remote code execution, and their CVSS scores range from 7.8 to 9.8. 
These are:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21689\">CVE-2023-21689<\/a> in Microsoft Protected Extensible Authentication Protocol (PEAP);<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21690\">CVE-2023-21690<\/a>, also in PEAP;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21692\">CVE-2023-21692<\/a>, also in PEAP;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21716\">CVE-2023-21716<\/a> in Microsoft Word;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21718\">CVE-2023-21718<\/a> in Microsoft SQL ODBC Driver;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21803\">CVE-2023-21803<\/a> in Windows iSCSI Discovery Service;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21808\">CVE-2023-21808<\/a> in .NET and Visual Studio;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-21815\">CVE-2023-21815<\/a> in Visual Studio;<\/li>\n<li>And <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-23381\">CVE-2023-23381<\/a>, also in Visual Studio.<\/li>\n<\/ul>\n<p>Running the rule over the listed critical bugs, Dustin Childs of Trend Micro\u2019s <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2023\/2\/14\/the-february-2023-security-update-overview\">Zero Day Initiative<\/a> programme said that the PEAP vulnerabilities may prove less impactful as the protocol is being used less and less, but that of rather more concern is the iSCSI Discovery Service issue.<\/p>\n<p>\u201cDatacentres with storage area networks (SANs) should definitely check with their vendors to see if their SAN is impacted by the RCE vulnerability,\u201d wrote Childs.<\/p>\n<p>He said the SQL ODBC driver vulnerability 
may have a \u201csomewhat unlikely\u201d exploit chain associated with it, but still warrants attention to ensure security teams get the right fix for the right edition of SQL Server. Finally, he said, the three patches covering .NET and Visual Studio seemed at face value to be simple \u201copen-and-own\u201d bugs, but details are thin on the ground.<\/p>\n<p>Childs also noted that the full February update is slightly unusual in that fully half of the bugs patched are RCE vulnerabilities.<\/p>\n<p>Adam Barnett, lead software engineer at <a href=\"https:\/\/www.rapid7.com\/\">Rapid7<\/a>, noted that following the end of support for Windows 8.1 \u2013 the January 2023 update <a href=\"https:\/\/www.computerweekly.com\/news\/252529073\/Microsoft-fixes-EoP-zero-day-on-January-Patch-Tuesday\">was the last to cover it<\/a> \u2013 security teams still running it should be on their guard moving forward.<\/p>\n<p>\u201cThis is the first Patch Tuesday after the end of Extended Security Updates (ESU) for Windows 8.1. 
Admins responsible for Windows Server 2008 instances should note that ESU for Windows Server 2008 is now only available for instances hosted in Azure or on-premises instances hosted via Azure Stack,\u201d he said.<\/p>\n<p>\u201cInstances of Windows Server 2008 hosted in a non-Azure context will no longer receive security updates, so will forever remain vulnerable to any new vulnerabilities, including the two zero-days covered above.\u201d<\/p>\n<\/section>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/365531275\/Microsoft-fixes-three-zero-days-in-February-update\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Erasmo Volkman<\/p>\n","protected":false},"excerpt":{"rendered":"<p>freshidea &#8211; stock.adobe.com February\u2019s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver By Alex Scroxton, Security Editor Published: 15 Feb 2023 13:30 Microsoft has issued fixes for a total of 75 newly discovered common vulnerabilities and exposures (CVEs) in its<\/p>\n","protected":false},"author":1,"featured_media":608573,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22712,78,46],"tags":[],"class_list":{"0":"post-608572","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-fixes","8":"category-microsoft","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/608572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=608572"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/608572\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/
newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/608573"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=608572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=608572"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=608572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}