February Microsoft Patch Tuesday Fixes Three Zero-days

Read Time:2 Minute, 6 Second

On February 14, 2023, Microsoft released more than 70 security patches as part of regular Patch Tuesday. Microsoft observed CVE-2023-21715, CVE-2023-23376, and CVE-2023-21823 were exploited in the wild.Why is this Significant?This is significant because three vulnerabilities (CVE-2023-21715, CVE-2023-23376, and CVE-2023-21823) were observed to have been exploited in the field as such corresponding patches should be applied as soon as possible.What is CVE-2023-21715?CVE-2023-23376 is a security feature bypass vulnerability in Microsoft Office and allows an attacker to bypass a security feature designed to block malicious macros. Exploiting this vulnerability requires a local authenticated user, and at in parallel a victim needs to be lured into downloading and opening a malicious file from the internet.The vulnerability has a CVSS base score of 7.3 and is rated important by Microsoft.What is CVE-2023-23376?CVE-2023-23376 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). The vulnerability has a CVSS base score of 7.8 and is rated important by Microsoft.The vulnerability is due to an error when the vulnerable software handles a maliciously crafted application. A remote attacker may be able to exploit this to escalate their privileges on vulnerable systems. Since the vulnerability is a local privilege escalation, an attacker needs to have access to the victims’ network to exploit the vulnerability.What is CVE-2023-21823?CVE-2023-21823 is an elevation of privilege vulnerability in Windows Graphics Component that allows an attacker to gain SYSTEM privileges and execute commands as such upon successful exploitation. The vulnerability has a CVSS base score of 7.8 and is rated important by Microsoft..Reportedly Kevin Breen of Immersive Labs claimed that Microsoft OneNote was leveraged in observed attacks involving CVE-2023-21823.Note that a patch for this vulnerability may only be available via the Microsoft Store. For details, see the Appendix for a link to “CVE-2023-21823 (Microsoft)”.What is the Status of Protection?FortiGuard Labs released the following IPS signatures in version 22.495 for CVE-2023-23376 and CVE-2023-21823:MS.Windows.CVE-2023-23376.Privilege.Elevation (CVE-2023-23376) MS.Windows.Win32k.GDI.ExtTextOut.Privilege.Elevation (CVE-2023-21823)Default action for both signatures are set to “pass”.As of this writing, CVE-2023-21715 has no sufficient information that allows us to investigate coverage. This Threat Signal will be updated once new information becomes available.

Patch Tuesday, April 2025 Edition

The AI Fix #45: The Turing test falls to GPT-4.5

Google Releases April Android Update to Address Two Zero-Days

NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog

Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges

CISA Warns of CrushFTP Vulnerability Exploitation in the Wild

Arguing Against CALEA

Boards Urged to Follow New Cyber Code of Practice

Russian bots hard at work spreading political unrest on Romania’s internet

February Microsoft Patch Tuesday Fixes Three Zero-days

CrushFTP Authentication Bypass

Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution

rust-openssl-0.10.72-1.el9 rust-openssl-sys-0.9.107-1.el9

rust-openssl-0.10.72-1.el10_0 rust-openssl-sys-0.9.107-1.el10_0

rust-openssl-0.10.72-1.el10_1 rust-openssl-sys-0.9.107-1.el10_1

rust-openssl-0.10.72-1.fc40 rust-openssl-sys-0.9.107-1.fc40