On February 14, 2023, Microsoft released more than 70 security patches as part of regular Patch Tuesday. Microsoft observed CVE-2023-21715, CVE-2023-23376, and CVE-2023-21823 were exploited in the wild.Why is this Significant?This is significant because three vulnerabilities (CVE-2023-21715, CVE-2023-23376, and CVE-2023-21823) were observed to have been exploited in the field as such corresponding patches should be applied as soon as possible.What is CVE-2023-21715?CVE-2023-23376 is a security feature bypass vulnerability in Microsoft Office and allows an attacker to bypass a security feature designed to block malicious macros. Exploiting this vulnerability requires a local authenticated user, and at in parallel a victim needs to be lured into downloading and opening a malicious file from the internet.The vulnerability has a CVSS base score of 7.3 and is rated important by Microsoft.What is CVE-2023-23376?CVE-2023-23376 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). The vulnerability has a CVSS base score of 7.8 and is rated important by Microsoft.The vulnerability is due to an error when the vulnerable software handles a maliciously crafted application. A remote attacker may be able to exploit this to escalate their privileges on vulnerable systems. Since the vulnerability is a local privilege escalation, an attacker needs to have access to the victims’ network to exploit the vulnerability.What is CVE-2023-21823?CVE-2023-21823 is an elevation of privilege vulnerability in Windows Graphics Component that allows an attacker to gain SYSTEM privileges and execute commands as such upon successful exploitation. The vulnerability has a CVSS base score of 7.8 and is rated important by Microsoft..Reportedly Kevin Breen of Immersive Labs claimed that Microsoft OneNote was leveraged in observed attacks involving CVE-2023-21823.Note that a patch for this vulnerability may only be available via the Microsoft Store. For details, see the Appendix for a link to “CVE-2023-21823 (Microsoft)”.What is the Status of Protection?FortiGuard Labs released the following IPS signatures in version 22.495 for CVE-2023-23376 and CVE-2023-21823:MS.Windows.CVE-2023-23376.Privilege.Elevation (CVE-2023-23376) MS.Windows.Win32k.GDI.ExtTextOut.Privilege.Elevation (CVE-2023-21823)Default action for both signatures are set to “pass”.As of this writing, CVE-2023-21715 has no sufficient information that allows us to investigate coverage. This Threat Signal will be updated once new information becomes available.
More Stories
DSA-5837-1 fastnetmon – security update
Two security issues have been discovered in FastNetMon, a fast DDoS analyzer: Malformed Netflow/sFlow traffic could result in denial of...
DSA-5836-1 xen – security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information...
DSA-5835-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-54479 Seunghyun Lee discovered that processing maliciously crafted web...
openjpeg2-2.5.3-1.fc40
FEDORA-2024-272544ceb9 Packages in this update: openjpeg2-2.5.3-1.fc40 Update description: Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow Read More
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More