Microsoft unveils fixes for more critical security flaws, so patch now
Microsoft has released this month’s Patch Tuesday security update, fixing a total of 77 flaws including three zero-day vulnerabilities.
A zero-day is a high-severity vulnerability that a threat actor can leverage destructive cyberattacks, that still hasn’t been patched. Given that this month’s patch fixes three such flaws, Microsoft recommends users apply the fix as soon as possible.
The three zero-days that were fixed are CVE-2023-21823 (Windows graphics component remote code execution), CVE-2023-21715 (Microsoft publisher security features bypass), and CVE-2023-23376 (Windows common log file system driver elevation of privilege vulnerability). These three allowed threat actors to execute code remotely, bypass Office macro policies, or gain system privileges.
Updates via Microsoft Store
Microsoft also said that it will be pushing this update out to the users through the Microsoft Store, not Windows Update. That means that the customers with disabled automatic updates in the Microsoft Store will not get the patch automatically and will rather need to trigger it themselves.
The company did not detail who, or where, leveraged these flaws to initiate attacks, but it did say exploiting 21715 allows a malicious (opens in new tab) Publisher document to run without warning the user.
“The attack itself is carried out locally by a user with authentication to the targeted system,” the company said. “An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.”
The February 2023 Patch Tuesday cumulative update addresses a total of nine vulnerabilities classified as “critical”, which allow for remote code execution.
In total, Microsoft fixed 12 elevation of privilege flaws, two security feature bypass flaws, 38 remote code execution flaws, 8 information disclosure vulnerabilities, 10 denial of service vulnerabilities, and 8 spoofing flaws. Earlier this month, Microsoft released fixes for three additional vulnerabilities found in the Edge browser, which are not part of this update.
Via: BleepingComputer (opens in new tab)
Audio player loading… Microsoft has released this month’s Patch Tuesday security update, fixing a total of 77 flaws including three zero-day vulnerabilities. A zero-day is a high-severity vulnerability that a threat actor can leverage destructive cyberattacks, that still hasn’t been patched. Given that this month’s patch fixes three such flaws,…
Recent Posts
- The newest Star Wars Acolyte trailer seems to reveal the show’s big bad
- 6-screen laptop manufacturer is very much alive — Acme Portable’s Megapac L3 is the original hexadisplay mobile powerstation and is still on sale, shame that it is still using old dual CPU tech from AMD and Intel
- ChromeOS gets better multitasking and Wi-Fi traffic prioritization
- Huge Google Pixel 8a leak includes all the predicted specs – and a price
- Huge Google Pixel 8a leak includes all the predicted specs – and a price
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011