Microsoft released patches for over 70 CVEs this month, including three zero-day vulnerabilities currently being exploited in the wild.
The first of these is CVE-2023-23376, an elevation of privilege flaw in the Common Log File System (CLFS) Driver. Tenable senior staff research engineer, Satnam Narang, explained that Redmond patched two similar flaws in the CLFS Driver in April and September 2022.
The second zero-day is CVE-2023-21823, a remote code execution (RCE) bug in the Microsoft Windows Graphics Component that enables attackers to execute commands with system privileges.
“Being able to elevate privileges once on a target system is important for attackers seeking to do more damage,” said Narang.
“These flaws are useful in various contexts, whether an attacker launches an attack exploiting known vulnerabilities or through spear-phishing and malware payloads, which is why we often see elevation of privilege flaws routinely appear in Patch Tuesday releases as being exploited in the wild.”
The final zero-day, CVE-2023-21715, is a security feature bypass in Microsoft Office.
“A local, authenticated attacker could exploit this vulnerability by utilizing social engineering techniques to convince a potential victim to execute a specially crafted file on their system, which would result in the bypass of Microsoft Office security features that would normally block macros from being executed,” said Narang.
In total, the number of CVEs addressed in February’s Patch Tuesday yesterday is less than January’s haul, but the presence of the zero-day bugs will add extra urgency for sysadmins, as will the nine critical RCE flaws listed.
“A more varied selection than last month, February 2023 includes critical RCEs in an SQL Server ODBC driver, the iSCSI Discovery Service, .NET/Visual Studio, three in network authentication framework PEAP, one in Word and two in Visual Studio only,” said Rapid7 lead software engineer, Adam Barnett.
“Microsoft has not observed in-the-wild exploitation for any of these vulnerabilities, nor are any of them marked as publicly disclosed. Microsoft predicts that most of these are less likely to be exploited, with the exception of the PEAP vulnerabilities.”