Microsoft unveils fixes for more critical security flaws, so patch now

By Scott Marlette Last updated Feb 15, 2023

Microsoft has released this month’s Patch Tuesday security update, fixing a total of 77 flaws including three zero-day vulnerabilities.

A zero-day is a high-severity vulnerability that a threat actor can leverage destructive cyberattacks, that still hasn’t been patched. Given that this month’s patch fixes three such flaws, Microsoft recommends users apply the fix as soon as possible.

The three zero-days that were fixed are CVE-2023-21823 (Windows graphics component remote code execution), CVE-2023-21715 (Microsoft publisher security features bypass), and CVE-2023-23376 (Windows common log file system driver elevation of privilege vulnerability). These three allowed threat actors to execute code remotely, bypass Office macro policies, or gain system privileges.

Updates via Microsoft Store

Microsoft also said that it will be pushing this update out to the users through the Microsoft Store, not Windows Update. That means that the customers with disabled automatic updates in the Microsoft Store will not get the patch automatically and will rather need to trigger it themselves.

The company did not detail who, or where, leveraged these flaws to initiate attacks, but it did say exploiting 21715 allows a malicious (opens in new tab) Publisher document to run without warning the user.

“The attack itself is carried out locally by a user with authentication to the targeted system,” the company said. “An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.”

The February 2023 Patch Tuesday cumulative update addresses a total of nine vulnerabilities classified as “critical”, which allow for remote code execution.

In total, Microsoft fixed 12 elevation of privilege flaws, two security feature bypass flaws, 38 remote code execution flaws, 8 information disclosure vulnerabilities, 10 denial of service vulnerabilities, and 8 spoofing flaws. Earlier this month, Microsoft released fixes for three additional vulnerabilities found in the Edge browser, which are not part of this update.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.