3 Zero Day Flaw Fixes for Microsoft's February Security Patch
Microsoft's February security update comes packed for three important fixes aimed at addressing currently exploitable vulnerabilities across the company's product and services.
Due to the time-sensitive nature of these exploits patching priority should be given to these three items before moving on to the remaining 72 bulletins for this month.
The first is CVE-2023-23376, which deals with an elevation of privilege flaw in Windows Common Log File System Driver, and affects all currently supported versions of Windows and Windows Server. Microsoft said that the current attacks exploiting the bug can lead to attackers assigning new privileges to a targeted system.
Dustin Childs, security expert at Zero Day Initiative, provided some more insight into the current attacks, saying that the flaw is not successful only on its own. "This is likely being chained with an RCE bug to spread malware or ransomware," said Childs in a blog post. "Considering this was discovered by Microsoft’s Threat Intelligence Center (aka MSTIC), it could mean it was used by advanced threat actors. Either way, make sure you test and roll these fixes quickly."
The next zero-day patch (CVE-2023-21823) addresses a remote code execution vulnerability in the Windows Graphics Component. What's interesting about this one is that, along with affecting all supported versions of Windows OS and Windows Server, it also affects Microsoft Offices for both PCs and mobile. This means that mobile users will have to apply the fix by updating their app through their respective mobile stores. PC users can update their Office through the Windows Store.
CVE-2023-21715 is the final zero day flaw fix for February and addresses a security features bypass in Microsoft Publisher, part of Microsoft 365. While Microsoft has seen successful exploitation attempts, attackers will have to jump through some hoops to take advantage of it. "The attack itself is carried out locally by a user with authentication to the targeted system," said Microsoft. "An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer."
This can be accomplished by users opening a malicious Office attachment, which then can infect a system with harmful macros to push through additional malware and attack code.
After the three zero day flaws have been prioritized and all necessary patching is complete, it's recommended to focus on this month's list of critical bulletins, which all concern remote code execution flaws:
- CVE-2023-21689: Remote code execution vulnerability in Microsoft Protected Extensible Authentication Protocol (PEAP).
- CVE-2023-21690: Remote code execution vulnerability in Microsoft Protected Extensible Authentication Protocol (PEAP).
- CVE-2023-21692: Remote code execution vulnerability in Microsoft Protected Extensible Authentication Protocol (PEAP).
- CVE-2023-21808: Remote code execution vulnerability in .NET and Visual Studio.
- CVE-2023-21716: Remote code execution vulnerability in Microsoft Word.
- CVE-2023-23381: Remote code execution vulnerability in Visual Studio.
- CVE-2023-21815: Remote code execution vulnerability in Visual Studio.
- CVE-2023-21803: Remote code execution vulnerability in Windows iSCSI Discovery Service.
- CVE-2023-21803: Remote code execution vulnerability in Microsoft SQL ODBC Driver.
The full list of this month's bulletins can be found here.