This release is slightly smaller than what we saw in January, with a total of 78 vulnerabilities: 9 critical, 0 publicly disclosed and 3 exploited in the wild. This month’s vulnerability classification spread appears to be heavily focused on remote code execution, while the number of elevation of privilege flaws is unusually low, especially compared to last month. Despite these differences, there are still a number of dangerous flaws that have been addressed by Microsoft in this batch of updates.
• Visual Studio
• Azure DevOps
• Microsoft Defender for Endpoint
• Microsoft Defender for IoT
• Microsoft Dynamics
• Microsoft Edge
• Microsoft Exchange Server
• Microsoft Office
• Power BI
• SQL Server
• Windows Active Directory
• Windows Common Log File System Driver
• Windows Cryptographic Services
• Windows Distributed File System (DFS)
• Windows Fax and Scan Service
• Windows Installer
• Windows Protected EAP (PEAP)
• Windows SChannel
• Windows Win32K
This critical vulnerability would allow an attacker to send a malicious e-mail containing an RTF payload or malicious Word document, giving them the ability to execute commands within the Microsoft Word application used to open the malicious file. This vulnerability is so severe that even previewing the document in Outlook could initiate the exploit.
As one of the three vulnerabilities exploited in the wild, this important vulnerability would allow an attacker to execute commands with SYSTEM privileges. More information about this vulnerability has been restricted; however, it is essential that Windows users know this patch will be supplied through the Microsoft Store, so if auto updates are off, a manual download will be needed to protect against this vulnerability.
This important vulnerability can be exploited if an attacker sends a specially crafted document that is capable of bypassing Microsoft Publisher security restrictions for untrusted files, which would allow malicious macros to be executed on a system without warning the user. This vulnerability is known to be exploited in the wild, and users should be wary of opening documents in Publisher from untrusted sources until they have updated.
The last vulnerability known to be exploited in the wild relates to the Windows Common Log File System Driver. This important vulnerability would allow an attacker to gain SYSTEM privileges if successfully exploited.
Microsoft Exchange Server has received three patches for three remote code execution vulnerabilities this month. All three are likely to be exploited in the wild, and users are advised to update to protect against potential attacks.
For a full list of this month’s updates, please see the links below:
Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
Security update guide: https://msrc.microsoft.com/update-guide/
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.