Report Name: Microsoft Patch Tuesday, February 2023
Generated: 2023-02-26 12:26:00

Product Name	Prevalence	U	C	H	M	L	Comment
Kerberos	1				1		Kerberos
Active Directory	0.9			1			Active Directory is a directory service developed by Microsoft for Windows domain networks
.NET Framework	0.8				1		.NET Framework
Microsoft Defender for IoT	0.8				1		Microsoft Defender for IoT provides comprehensive threat detection for IoT/OT environments
Microsoft Edge	0.8		1	11	21		Web browser
Microsoft Exchange	0.8			4			Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
Windows Common Log File System Driver	0.8		1		1		Windows component
Windows Distributed File System (DFS)	0.8			1			Windows component
Windows Fax Service	0.8			1			Windows component
Windows Graphics Component	0.8	1			2		Windows component
Windows Installer	0.8				1		Windows component
Windows Internet Storage Name Service (iSNS) Server	0.8				2		Windows component
Windows MSHTML Platform	0.8			1			Windows component
Windows Media	0.8			1			Windows component
Windows Point-to-Point Tunneling Protocol	0.8			1			Windows component
Windows Secure Channel	0.8			3			Windows component
Windows iSCSI Discovery Service	0.8			2			Windows component
Windows iSCSI Service	0.8			2			Windows component
.NET	0.7			1			.NET
Microsoft SharePoint	0.7				1		Microsoft SharePoint
Microsoft Office	0.6				1		Microsoft Office
Microsoft SQL	0.6			5			Microsoft SQL
Microsoft Word	0.6			1			MS Office product
3D Builder	0.5			2			3D Builder
Azure App Service on Azure Stack Hub	0.5				1		Azure App Service on Azure Stack Hub
Azure Data Box Gateway	0.5				1		Azure Data Box Gateway
Azure DevOps Server	0.5			1	1		Azure DevOps Server
Azure Machine Learning Compute Instance	0.5				1		Azure Machine Learning Compute Instance
HTTP.sys	0.5				1		HTTP.sys
Microsoft Defender for Endpoint	0.5				1		Microsoft Defender for Endpoint
Microsoft Dynamics 365 (on-premises)	0.5				5		Microsoft Dynamics 365 (on-premises)
Microsoft Dynamics Unified Service Desk	0.5			1			Microsoft Dynamics Unified Service Desk
Microsoft ODBC Driver	0.5			2			Microsoft ODBC Driver
Microsoft ODBC Driver for SQL Server	0.5			1			Microsoft ODBC Driver for SQL Server
Microsoft OneNote	0.5				1		Microsoft OneNote
Microsoft PostScript Printer Driver	0.5			2	1		Microsoft PostScript Printer Driver
Microsoft Protected Extensible Authentication Protocol (PEAP)	0.5			4	2		Microsoft Protected Extensible Authentication Protocol (PEAP)
Microsoft Publisher	0.5		1				Microsoft Publisher
Microsoft WDAC OLE DB provider for SQL Server	0.5			3			Microsoft WDAC OLE DB provider for SQL Server
NT OS Kernel	0.5				1		NT OS Kernel
Power BI Report Server	0.5				1		Power BI Report Server
Print 3D	0.5			1			Print 3D
Git	0.4			1	1		Git
Visual Studio	0.3				4		Integrated development environment
Microsoft HoloLens 1	0.2				1		Microsoft HoloLens Gen 1 is a fully untethered holographic computer

Vulnerability Type	Criticality	U	C	H	M	L	Comment
Remote Code Execution	1.0	1		38	4		Remote Code Execution
Security Feature Bypass	0.9		1	7	2		Security Feature Bypass
Denial of Service	0.7			7	3		Denial of Service
Memory Corruption	0.6		1		14		Memory Corruption
Elevation of Privilege	0.5		1	1	12		Elevation of Privilege
Cross Site Scripting	0.4				6		Cross Site Scripting
Information Disclosure	0.4				8		Information Disclosure
Spoofing	0.4				5		Spoofing
Tampering	0.3				1		Tampering

Urgent (1)

1. Remote Code Execution - Windows Graphics Component (CVE-2023-21823) - Urgent [889]

Description: Windows Graphics Component Remote Code Execution Vulnerability

qualys: Other Microsoft Vulnerability Highlights  Microsoft has patched a total 3 zero-day vulnerabilities that are confirmed to be exploited: CVE-2023-21823 is a vulnerability that affects Windows Graphic component used in various products such as Windows OS, Office desktop, and Mobile Apps. The vulnerability helps the attacker gain and execute code with SYSTEM privileges. CVE-2023-21715, a Security Features Bypass Vulnerability in Microsoft Publisher that lets attackers bypass Office macro policies used to block untrusted or malicious files. Microsoft has additionally mentioned that the vulnerability can be triggered using social engineering attacks to trick the victim into downloading a specially crafted file from a website. CVE-2023-23376, an Elevation of Privilege vulnerability, is the Windows Common Log File System Driver that allows attackers to gain SYSTEM privileges. No other information has been made public by Microsoft. Microsoft has also disclosed a vulnerability that affects the end-of-life application Print 3D. Microsoft has affirmed that it will not release a patch to fix the vulnerability and that customers should update to the 3D Builder app. Microsoft Dynamic has got fixes for 6 Cross-site Scripting Vulnerabilities. Microsoft has fixed 4 remote code execution bugs in Exchange Server. Azure DevOps has received patches for a Cross-site Scripting and Remote Code Execution vulnerability. Lastly, a spoofing vulnerability in Power BI Report Server has been addressed. This month, nearly half of the CVEs disclosed by Microsoft are Remote Code Execution Vulnerabilities. We continue to see double-digit numbers in terms of fixes in the Elevation of Privilege and Denial of Server vulnerabilities.

tenable: CVE-2023-21823 | Windows Graphics Component Elevation of Privilege Vulnerability

tenable: CVE-2023-21823 is an EoP vulnerability in the Microsoft Windows Graphics Component. It received a CVSSv3 score of 7.8 and was exploited in the wild as a zero day. Exploitation of this flaw requires an attacker to log onto a vulnerable system and execute a specially crafted application. Successful exploitation would grant an attacker the ability to to run processes in an elevated context. While details have not been shared, the flaw is credited to researchers Genwei Jiang and Dhanesh Kizhakkinan of Mandiant.

rapid7: CVE-2023-21823 is described as a Remote Code Execution (RCE) vulnerability in Windows Graphics Component, but has Attack Vector listed as Local. This apparent inconsistency is often accompanied with a clarification like: “The word Remote in the title refers to the location of the attacker. [...] The attack itself is carried out locally.” No such clarification is available in this case, but this is likely applicable here also. Microsoft also notes the existence of mature exploit code.

krebsonsecurity: The third zero-day flaw already seeing exploitation is CVE-2023-21823, which is another elevation of privilege weakness — this one in the Microsoft Windows Graphic component. Researchers at cybersecurity forensics firm Mandiant were credited with reporting the bug.

krebsonsecurity: Kevin Breen, director of cyber threat research at Immersive Labs, pointed out that the security bulletin for CVE-2023-21823 specifically calls out OneNote as being a vulnerable component for the vulnerability.

Critical (3)

2. Memory Corruption - Microsoft Edge (CVE-2023-0129) - Critical [637]

Description: Chromium:CVE-2023-0129: Heap buffer overflow in Network Service. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0129 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

3. Security Feature Bypass - Microsoft Publisher (CVE-2023-21715) - Critical [614]

Description: Microsoft Publisher Security Features Bypass Vulnerability

qualys: Other Microsoft Vulnerability Highlights  Microsoft has patched a total 3 zero-day vulnerabilities that are confirmed to be exploited: CVE-2023-21823 is a vulnerability that affects Windows Graphic component used in various products such as Windows OS, Office desktop, and Mobile Apps. The vulnerability helps the attacker gain and execute code with SYSTEM privileges. CVE-2023-21715, a Security Features Bypass Vulnerability in Microsoft Publisher that lets attackers bypass Office macro policies used to block untrusted or malicious files. Microsoft has additionally mentioned that the vulnerability can be triggered using social engineering attacks to trick the victim into downloading a specially crafted file from a website. CVE-2023-23376, an Elevation of Privilege vulnerability, is the Windows Common Log File System Driver that allows attackers to gain SYSTEM privileges. No other information has been made public by Microsoft. Microsoft has also disclosed a vulnerability that affects the end-of-life application Print 3D. Microsoft has affirmed that it will not release a patch to fix the vulnerability and that customers should update to the 3D Builder app. Microsoft Dynamic has got fixes for 6 Cross-site Scripting Vulnerabilities. Microsoft has fixed 4 remote code execution bugs in Exchange Server. Azure DevOps has received patches for a Cross-site Scripting and Remote Code Execution vulnerability. Lastly, a spoofing vulnerability in Power BI Report Server has been addressed. This month, nearly half of the CVEs disclosed by Microsoft are Remote Code Execution Vulnerabilities. We continue to see double-digit numbers in terms of fixes in the Elevation of Privilege and Denial of Server vulnerabilities.

tenable: CVE-2023-21715 | Microsoft Office Security Feature Bypass Vulnerability

tenable: CVE-2023-21715 is a security feature bypass vulnerability in Microsoft Office that was given a CVSSv3 score of 7.3 and was exploited in the wild. To be exploited, the vulnerability requires a local, authenticated user to download and open an attacker-created file on a vulnerable system. An attacker would need to entice the user to download and execute the file in order to successfully exploit this flaw. This flaw is credited to Hidetake Jo.

rapid7: One zero-day vulnerability is a Security Features Bypass vulnerability in Microsoft Publisher. Successful exploitation of CVE-2023-21715 allows an attacker to bypass Office macro defenses using a specially-crafted document and run code which would otherwise be blocked by policy. Only Publisher installations delivered as part of Microsoft 365 Apps for Enterprise are listed as affected.

zdi: CVE-2023-21715 – Microsoft Office Security Feature Bypass Vulnerability. Microsoft lists this as under active exploit, but they offer no info on how widespread these exploits may be. Based on the write-up, it sounds more like a privilege escalation than a security feature bypass, but regardless, active attacks in a common enterprise application shouldn’t be ignored. It’s always alarming when a security feature is not just bypassed but exploited. Let’s hope the fix comprehensively addresses the problem.

krebsonsecurity: The zero-day CVE-2023-21715 is a weakness in Microsoft Office that Redmond describes as a “security feature bypass vulnerability.”

4. Elevation of Privilege - Windows Common Log File System Driver (CVE-2023-23376) - Critical [604]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

qualys: Other Microsoft Vulnerability Highlights  Microsoft has patched a total 3 zero-day vulnerabilities that are confirmed to be exploited: CVE-2023-21823 is a vulnerability that affects Windows Graphic component used in various products such as Windows OS, Office desktop, and Mobile Apps. The vulnerability helps the attacker gain and execute code with SYSTEM privileges. CVE-2023-21715, a Security Features Bypass Vulnerability in Microsoft Publisher that lets attackers bypass Office macro policies used to block untrusted or malicious files. Microsoft has additionally mentioned that the vulnerability can be triggered using social engineering attacks to trick the victim into downloading a specially crafted file from a website. CVE-2023-23376, an Elevation of Privilege vulnerability, is the Windows Common Log File System Driver that allows attackers to gain SYSTEM privileges. No other information has been made public by Microsoft. Microsoft has also disclosed a vulnerability that affects the end-of-life application Print 3D. Microsoft has affirmed that it will not release a patch to fix the vulnerability and that customers should update to the 3D Builder app. Microsoft Dynamic has got fixes for 6 Cross-site Scripting Vulnerabilities. Microsoft has fixed 4 remote code execution bugs in Exchange Server. Azure DevOps has received patches for a Cross-site Scripting and Remote Code Execution vulnerability. Lastly, a spoofing vulnerability in Power BI Report Server has been addressed. This month, nearly half of the CVEs disclosed by Microsoft are Remote Code Execution Vulnerabilities. We continue to see double-digit numbers in terms of fixes in the Elevation of Privilege and Denial of Server vulnerabilities.

tenable: Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376)

tenable: CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege Vulnerability

tenable: CVE-2023-23376 is an EoP vulnerability in Windows operating systems receiving a CVSSv3 score of 7.8 that has been exploited in the wild. The vulnerability exists in the Common Log File System (CLFS) Driver, a logging service used by kernel-mode and user-mode applications. This vulnerability can be exploited after an attacker has gained access to a vulnerable target in order to elevate to SYSTEM privileges.

rapid7: CVE-2023-23376 describes a vulnerability in the Windows Common Log File System Driver which allows Local Privilege Escalation (LPE) to SYSTEM. Although Microsoft isn’t necessarily aware of mature exploit code at time of publication, this is worth patching at the first opportunity, since it affects essentially all current Windows hosts.

zdi: CVE-2023-23376 – Windows Common Log File System Driver Elevation of Privilege Vulnerability. This is the other bug under active attack in February, and sadly, there’s just a little solid information about this privilege escalation. Microsoft does note that the vulnerability would allow an attacker to exploit code as SYSTEM, which would allow them to completely take over a target. This is likely being chained with an RCE bug to spread malware or ransomware. Considering this was discovered by Microsoft’s Threat Intelligence Center (aka MSTIC), it could mean it was used by advanced threat actors. Either way, make sure you test and roll these fixes quickly.

krebsonsecurity: Microsoft’s security advisories are somewhat sparse with details about the zero-day bugs. Redmond flags CVE-2023-23376 as an “Important” elevation of privilege vulnerability in the Windows Common Log File System Driver, which is present in Windows 10 and 11 systems, as well as many server versions of Windows.

High (53)

5. Remote Code Execution - Microsoft Edge (CVE-2023-21775) - High [554]

Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

MS PT Extended: CVE-2023-21775 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

6. Remote Code Execution - Windows iSCSI Discovery Service (CVE-2023-21803) - High [489]

Description: Windows iSCSI Discovery Service Remote Code Execution Vulnerability

qualys: CVE-2023-21803 – Windows iSCSI Discovery Service Remote Code Execution Vulnerability Windows iSCSI Discovery Service is a Windows Service that allows non-SMB Clients to access storage on a Windows host. The vulnerability affects only 32 bits versions of Windows. The vulnerability can be exploited by sending a maliciously crafted DHCP discovery request to a Windows Host running iSCSI Discovery Service. On successful exploitation, it will allow an attacker to execute code remotely. The vulnerability can only be exploited if the iSCSI Initiator client application is running. iSCSI Initiator client application is not enabled by default.

qualys: CVE-2023-21803 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8/10 Policy Compliance Control IDs (CIDs): 4046 Status of the ‘Microsoft iSCSI Initiator Service’ The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: The next Patch Tuesday falls on March 14th, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the This Month in Vulnerabilities and Patches webinar.

7. Remote Code Execution - Microsoft Edge (CVE-2023-0136) - High [475]

Description: {'ms_cve_data_all': 'Chromium:CVE-2023-0136: Inappropriate implementation in Fullscreen API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-0136 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

8. Remote Code Execution - Microsoft Exchange (CVE-2023-21529) - High [475]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

tenable: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability

tenable: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 are RCE vulnerabilities in supported versions of Microsoft Exchange Server. CVE-2023-21710 received a CVSSv3 score of 7.2 while the other three CVEs were assigned CVSSv3 scores of 8.8. The vulnerabilities allow a remote attacker to execute arbitrary code on a vulnerable server, via a network call. CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 were given a rating of "Exploitation More Likely" on Microsoft's Exploitability Index.

tenable: CVE-2023-21529, CVE-2023-21706 and CVE-2023-21707 share similarities with CVE-2022-41082, an authenticated RCE publicly disclosed in September 2022 that was a part of the ProxyNotShell attack chain, a variant of the ProxyShell attack chain discovered in August 2021. Microsoft released mitigations in September to protect vulnerable servers until a patch was released in their November 2022 Patch Tuesday. A bypass of this mitigation, called OWASSRF (CVE-2022-41080), was then released in December 2022. Our recent blog on ProxyNotShell, OWASSRF and TabShell discusses these vulnerabilities in greater detail.

zdi: CVE-2023-21529 – Microsoft Exchange Server Remote Code Execution Vulnerability. There are multiple Exchange RCE bugs getting fixes this month, but this one reported by ZDI’s Piotr Bazydło stands out as it results from an incomplete fix in Exchange from last fall. While this vulnerability does require authentication, it allows any user with access to the Exchange PowerShell backend to take over an Exchange server. I know applying Exchange patches isn’t fun and usually requires weekend downtime, but these updates should still be considered a priority.

krebsonsecurity: Microsoft also has more valentines for organizations that rely on Microsoft Exchange Server to handle email. Redmond patched three Exchange Server flaws (CVE-2023-21706, CVE-2023-21707, and CVE-2023-21529), all of which Microsoft says are remote code execution flaws that are likely to be exploited.

9. Remote Code Execution - Microsoft Exchange (CVE-2023-21706) - High [475]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

tenable: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability

tenable: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 are RCE vulnerabilities in supported versions of Microsoft Exchange Server. CVE-2023-21710 received a CVSSv3 score of 7.2 while the other three CVEs were assigned CVSSv3 scores of 8.8. The vulnerabilities allow a remote attacker to execute arbitrary code on a vulnerable server, via a network call. CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 were given a rating of "Exploitation More Likely" on Microsoft's Exploitability Index.

tenable: CVE-2023-21529, CVE-2023-21706 and CVE-2023-21707 share similarities with CVE-2022-41082, an authenticated RCE publicly disclosed in September 2022 that was a part of the ProxyNotShell attack chain, a variant of the ProxyShell attack chain discovered in August 2021. Microsoft released mitigations in September to protect vulnerable servers until a patch was released in their November 2022 Patch Tuesday. A bypass of this mitigation, called OWASSRF (CVE-2022-41080), was then released in December 2022. Our recent blog on ProxyNotShell, OWASSRF and TabShell discusses these vulnerabilities in greater detail.

krebsonsecurity: Microsoft also has more valentines for organizations that rely on Microsoft Exchange Server to handle email. Redmond patched three Exchange Server flaws (CVE-2023-21706, CVE-2023-21707, and CVE-2023-21529), all of which Microsoft says are remote code execution flaws that are likely to be exploited.

10. Remote Code Execution - Microsoft Exchange (CVE-2023-21707) - High [475]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

tenable: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability

tenable: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 are RCE vulnerabilities in supported versions of Microsoft Exchange Server. CVE-2023-21710 received a CVSSv3 score of 7.2 while the other three CVEs were assigned CVSSv3 scores of 8.8. The vulnerabilities allow a remote attacker to execute arbitrary code on a vulnerable server, via a network call. CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 were given a rating of "Exploitation More Likely" on Microsoft's Exploitability Index.

tenable: CVE-2023-21529, CVE-2023-21706 and CVE-2023-21707 share similarities with CVE-2022-41082, an authenticated RCE publicly disclosed in September 2022 that was a part of the ProxyNotShell attack chain, a variant of the ProxyShell attack chain discovered in August 2021. Microsoft released mitigations in September to protect vulnerable servers until a patch was released in their November 2022 Patch Tuesday. A bypass of this mitigation, called OWASSRF (CVE-2022-41080), was then released in December 2022. Our recent blog on ProxyNotShell, OWASSRF and TabShell discusses these vulnerabilities in greater detail.

krebsonsecurity: Microsoft also has more valentines for organizations that rely on Microsoft Exchange Server to handle email. Redmond patched three Exchange Server flaws (CVE-2023-21706, CVE-2023-21707, and CVE-2023-21529), all of which Microsoft says are remote code execution flaws that are likely to be exploited.

11. Remote Code Execution - Microsoft Edge (CVE-2023-23374) - High [462]

Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

MS PT Extended: CVE-2023-23374 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

12. Remote Code Execution - Windows MSHTML Platform (CVE-2023-21805) - High [462]

Description: Windows MSHTML Platform Remote Code Execution Vulnerability

13. Remote Code Execution - Windows Media (CVE-2023-21802) - High [462]

Description: Windows Media Remote Code Execution Vulnerability

14. Remote Code Execution - Windows Point-to-Point Tunneling Protocol (CVE-2023-21712) - High [462]

Description: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

MS PT Extended: CVE-2023-21712 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

15. Elevation of Privilege - Microsoft Edge (CVE-2023-21795) - High [452]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796.

MS PT Extended: CVE-2023-21795 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

16. Remote Code Execution - Microsoft Word (CVE-2023-21716) - High [451]

Description: Microsoft Word Remote Code Execution Vulnerability

qualys: CVE-2023-21716 – Microsoft Word Remote Code Execution Vulnerability CVE-2023-21716 affects both Microsoft SharePoint and Microsoft Office Applications. The vulnerability can be used in a Preview Pane attack. An attacker can send a malicious RTF payload (e.g., via email) that allows the attacker to execute commands without minimal or no user interaction. Microsoft has also provided a workaround for this vulnerability. Administrators need to enforce a Microsoft Office File Block policy to prevent opening RTF documents from unknown or untrusted sources. More details about the policy can be found at MS08-026: How to prevent Word from loading RTF files. If attackers can develop exploits for this vulnerability, it may become a popular choice for them in future Phishing campaigns.  

qualys: CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8/10 Policy Compliance Control IDs (CIDs): 13470 Status of the ‘Set Default File Block Behavior’ setting 25698 Status of the ‘RTF files’ setting

tenable: CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability

tenable: CVE-2023-21716 is a RCE vulnerability in several versions of Microsoft Word, Sharepoint, 365 Apps and Office for Mac with a CVSSv3 score of 9.8. Although the vulnerable component is not specified, Microsoft states that the Preview Pane in these applications is an attack vector. The vulnerability can be exploited by an unauthenticated attacker sending an email with a rich text format (RTF) payload, which when opened, allows for command execution. The Microsoft advisory for this CVE links to MS08-026 and KB922849 for guidance on how to prevent Microsoft Office from opening RTF documents from unknown or untrusted sources by using the Microsoft Office File Block policy.

zdi: CVE-2023-21716 – Microsoft Word Remote Code Execution Vulnerability. Normally, Word bugs don’t attract too much attention – unless the Outlook Preview Pane is an attack vector, which is the case here. This CVSS 9.8 bug could be used by an attacker to get code execution at the level of the logged-on user without user interaction. When paired with a privilege escalation bug like the one mentioned above, an attacker could completely compromise a target. If you’re logged on as an admin, escalation isn’t needed, which is another reason why you shouldn’t be logged in as an admin for non-admin tasks.

krebsonsecurity: Microsoft fixed another Office vulnerability in CVE-2023-21716, which is a Microsoft Word bug that can lead to remote code execution — even if a booby-trapped Word document is merely viewed in the preview pane of Microsoft Outlook. This security hole has a CVSS (severity) score of 9.8 out of a possible 10.

17. Remote Code Execution - Microsoft Exchange (CVE-2023-21710) - High [448]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

tenable: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability

tenable: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 are RCE vulnerabilities in supported versions of Microsoft Exchange Server. CVE-2023-21710 received a CVSSv3 score of 7.2 while the other three CVEs were assigned CVSSv3 scores of 8.8. The vulnerabilities allow a remote attacker to execute arbitrary code on a vulnerable server, via a network call. CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 were given a rating of "Exploitation More Likely" on Microsoft's Exploitability Index.

18. Remote Code Execution - Windows Distributed File System (DFS) (CVE-2023-21820) - High [448]

Description: Windows Distributed File System (DFS) Remote Code Execution Vulnerability

19. Remote Code Execution - Windows Fax Service (CVE-2023-21694) - High [448]

Description: Windows Fax Service Remote Code Execution Vulnerability

20. Remote Code Execution - .NET (CVE-2023-21808) - High [443]

Description: .NET and Visual Studio Remote Code Execution Vulnerability

qualys: CVE-2023-21808, CVE-2023-21815, CVE-2023-23381 – .NET / Visual Studio Remote Code Execution Vulnerability Microsoft has not detailed much information about these vulnerabilities. However, based on the limited information available, CVE-2023-21808, CVE-2023-21815, and CVE-2023-23381 seem similar in nature and require an attacker to trick the victim to trigger this vulnerability to execute code in the context of the application.

21. Remote Code Execution - Microsoft SQL (CVE-2023-21705) - High [437]

Description: Microsoft SQL Server Remote Code Execution Vulnerability

qualys: CVE-2023-21705 | Microsoft SQL Server Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 8.8/10 Policy Compliance Control IDs (CIDs): 2162 Current list of ‘Prohibited software applications installed’

22. Remote Code Execution - Microsoft SQL (CVE-2023-21713) - High [437]

Description: Microsoft SQL Server Remote Code Execution Vulnerability

qualys: CVE-2023-21713 | Microsoft SQL Server Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 8.8/10 Policy Compliance Control IDs (CIDs): 2162 Current list of ‘Prohibited software applications installed’

23. Remote Code Execution - Microsoft Protected Extensible Authentication Protocol (PEAP) (CVE-2023-21689) - High [432]

Description: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

qualys: CVE-2023-21692, CVE-2023-21690, CVE-2023-21689 – Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Microsoft PEAP is a secure implementation of Extensible Authentication Protocol (EAP) that provides encryption and authenticated Transport Layer Security (TLS) tunnel. CVE-2023-21692 and CVE-2023-21690 can be exploited by sending specially crafted malicious packets, whereas CVE-2023-21689 can be used to target server accounts through network calls to execute code remotely. All 3 vulnerabilities do not require special privileges or user interaction.

qualys: CVE-2023-21689 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8/10

tenable: CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol Remote Code Execution Vulnerability

tenable: CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692 are RCE vulnerabilities in Windows operating systems and have been given a CVSSv3 score of 9.8. The flaw lies in the Protected Extensible Authentication Protocol (PEAP) server component, which is used to establish secure connections with wireless clients. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code. For a target to be vulnerable, it must be running Network Policy Server and configured with a network policy that allows PEAP. All three vulnerabilities were rated as "Exploitation More Likely" according to their advisories.

24. Remote Code Execution - Microsoft Protected Extensible Authentication Protocol (PEAP) (CVE-2023-21690) - High [432]

Description: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

qualys: CVE-2023-21692, CVE-2023-21690, CVE-2023-21689 – Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Microsoft PEAP is a secure implementation of Extensible Authentication Protocol (EAP) that provides encryption and authenticated Transport Layer Security (TLS) tunnel. CVE-2023-21692 and CVE-2023-21690 can be exploited by sending specially crafted malicious packets, whereas CVE-2023-21689 can be used to target server accounts through network calls to execute code remotely. All 3 vulnerabilities do not require special privileges or user interaction.

qualys: CVE-2023-21690 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8/10

tenable: CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol Remote Code Execution Vulnerability

tenable: CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692 are RCE vulnerabilities in Windows operating systems and have been given a CVSSv3 score of 9.8. The flaw lies in the Protected Extensible Authentication Protocol (PEAP) server component, which is used to establish secure connections with wireless clients. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code. For a target to be vulnerable, it must be running Network Policy Server and configured with a network policy that allows PEAP. All three vulnerabilities were rated as "Exploitation More Likely" according to their advisories.

25. Remote Code Execution - Microsoft Protected Extensible Authentication Protocol (PEAP) (CVE-2023-21692) - High [432]

Description: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

qualys: CVE-2023-21692, CVE-2023-21690, CVE-2023-21689 – Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Microsoft PEAP is a secure implementation of Extensible Authentication Protocol (EAP) that provides encryption and authenticated Transport Layer Security (TLS) tunnel. CVE-2023-21692 and CVE-2023-21690 can be exploited by sending specially crafted malicious packets, whereas CVE-2023-21689 can be used to target server accounts through network calls to execute code remotely. All 3 vulnerabilities do not require special privileges or user interaction.

qualys: CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8/10 Policy Compliance Control IDs (CIDs): 25699 Status of the ‘Network authentication method’ for Wireless Network IEEE 802.11 group policy

tenable: CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol Remote Code Execution Vulnerability

tenable: CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692 are RCE vulnerabilities in Windows operating systems and have been given a CVSSv3 score of 9.8. The flaw lies in the Protected Extensible Authentication Protocol (PEAP) server component, which is used to establish secure connections with wireless clients. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code. For a target to be vulnerable, it must be running Network Policy Server and configured with a network policy that allows PEAP. All three vulnerabilities were rated as "Exploitation More Likely" according to their advisories.

26. Security Feature Bypass - Microsoft Edge (CVE-2023-0131) - High [428]

Description: {'ms_cve_data_all': 'Chromium:CVE-2023-0131: Inappropriate implementation in iframe Sandbox. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-0131 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

27. Security Feature Bypass - Microsoft Edge (CVE-2023-0132) - High [428]

Description: {'ms_cve_data_all': 'Chromium:CVE-2023-0132: Inappropriate implementation in Permission prompts. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-0132 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

28. Security Feature Bypass - Microsoft Edge (CVE-2023-0133) - High [428]

Description: {'ms_cve_data_all': 'Chromium:CVE-2023-0133: Inappropriate implementation in Permission prompts. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-0133 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

29. Security Feature Bypass - Microsoft Edge (CVE-2023-0139) - High [428]

Description: Chromium:CVE-2023-0139: Insufficient validation of untrusted input in Downloads. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0139 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

30. Security Feature Bypass - Microsoft Edge (CVE-2023-0140) - High [428]

Description: {'ms_cve_data_all': 'Chromium:CVE-2023-0140: Inappropriate implementation in File System API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-0140 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

31. Security Feature Bypass - Microsoft Edge (CVE-2023-0704) - High [428]

Description: Chromium: CVE-2023-0704 Insufficient policy enforcement in DevTools. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0704 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

32. Security Feature Bypass - Microsoft Edge (CVE-2023-21719) - High [428]

Description: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.

MS PT Extended: CVE-2023-21719 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

33. Remote Code Execution - Microsoft SQL (CVE-2023-21528) - High [424]

Description: Microsoft SQL Server Remote Code Execution Vulnerability

34. Remote Code Execution - Microsoft SQL (CVE-2023-21718) - High [424]

Description: Microsoft SQL ODBC Driver Remote Code Execution Vulnerability

qualys: CVE-2023-21718 – Microsoft SQL ODBC Driver Remote Code Execution Vulnerability The vulnerability affects the Microsoft Open Database Connectivity (ODBC) interface, which allows applications to access data from various types of database management systems (DBMSs). The vulnerability can be exploited by an attacker tricking an unauthenticated user into connecting to an attacker controlled rogue SQL Database. The attacker can then return malicious data to a client (user) and cause arbitrary code execution on it.  

35. Denial of Service - Active Directory (CVE-2023-21816) - High [420]

Description: Windows Active Directory Domain Services API Denial of Service Vulnerability

36. Remote Code Execution - Microsoft ODBC Driver (CVE-2023-21797) - High [418]

Description: Microsoft ODBC Driver Remote Code Execution Vulnerability

37. Remote Code Execution - Microsoft ODBC Driver (CVE-2023-21798) - High [418]

Description: Microsoft ODBC Driver Remote Code Execution Vulnerability

38. Remote Code Execution - Microsoft PostScript Printer Driver (CVE-2023-21684) - High [418]

Description: Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

39. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2023-21685) - High [418]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

40. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2023-21686) - High [418]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

41. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2023-21799) - High [418]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

42. Remote Code Execution - Git (CVE-2022-23521) - High [413]

Description: Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.

43. Remote Code Execution - Microsoft SQL (CVE-2023-21568) - High [410]

Description: Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

44. Remote Code Execution - 3D Builder (CVE-2023-23377) - High [405]

Description: 3D Builder Remote Code Execution Vulnerability

45. Remote Code Execution - 3D Builder (CVE-2023-23390) - High [405]

Description: 3D Builder Remote Code Execution Vulnerability

46. Remote Code Execution - Azure DevOps Server (CVE-2023-21553) - High [405]

Description: Azure DevOps Server Remote Code Execution Vulnerability

47. Remote Code Execution - Microsoft Dynamics Unified Service Desk (CVE-2023-21778) - High [405]

Description: Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability

48. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2023-21704) - High [405]

Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

49. Remote Code Execution - Microsoft PostScript Printer Driver (CVE-2023-21801) - High [405]

Description: Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

50. Remote Code Execution - Microsoft Protected Extensible Authentication Protocol (PEAP) (CVE-2023-21695) - High [405]

Description: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

tenable: An additional RCE affecting PEAP, CVE-2023-21695, has also been patched this month. However, exploitation for this flaw does require authentication. All four of these CVEs could be exploited using a crafted PEAP packet sent to an unpatched host.

51. Remote Code Execution - Print 3D (CVE-2023-23378) - High [405]

Description: Print 3D Remote Code Execution Vulnerability

52. Denial of Service - Windows Secure Channel (CVE-2023-21813) - High [401]

Description: Windows Secure Channel Denial of Service Vulnerability

53. Denial of Service - Windows Secure Channel (CVE-2023-21818) - High [401]

Description: Windows Secure Channel Denial of Service Vulnerability

54. Denial of Service - Windows Secure Channel (CVE-2023-21819) - High [401]

Description: Windows Secure Channel Denial of Service Vulnerability

55. Denial of Service - Windows iSCSI Discovery Service (CVE-2023-21700) - High [401]

Description: Windows iSCSI Discovery Service Denial of Service Vulnerability

56. Denial of Service - Windows iSCSI Service (CVE-2023-21702) - High [401]

Description: Windows iSCSI Service Denial of Service Vulnerability

57. Denial of Service - Windows iSCSI Service (CVE-2023-21811) - High [401]

Description: Windows iSCSI Service Denial of Service Vulnerability

Medium (55)

58. Elevation of Privilege - Kerberos (CVE-2023-21817) - Medium [398]

Description: Windows Kerberos Elevation of Privilege Vulnerability

59. Memory Corruption - Microsoft Edge (CVE-2023-0134) - Medium [394]

Description: Chromium:CVE-2023-0134: Use after free in Cart. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0134 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

60. Memory Corruption - Microsoft Edge (CVE-2023-0135) - Medium [394]

Description: Chromium:CVE-2023-0135: Use after free in Cart. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0135 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

61. Memory Corruption - Microsoft Edge (CVE-2023-0138) - Medium [394]

Description: Chromium:CVE-2023-0138: Heap buffer overflow in libphonenumber. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0138 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

62. Memory Corruption - Microsoft Edge (CVE-2023-0471) - Medium [394]

Description: Chromium: CVE-2023-0471 Use after free in WebTransport. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0471 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

63. Memory Corruption - Microsoft Edge (CVE-2023-0472) - Medium [394]

Description: Chromium: CVE-2023-0472 Use after free in WebRTC. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0472 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

64. Memory Corruption - Microsoft Edge (CVE-2023-0473) - Medium [394]

Description: Chromium: CVE-2023-0473: Type Confusion in ServiceWorker. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0473 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

65. Memory Corruption - Microsoft Edge (CVE-2023-0474) - Medium [394]

Description: Chromium: CVE-2023-0474 Use after free in GuestView. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0474 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

66. Memory Corruption - Microsoft Edge (CVE-2023-0696) - Medium [394]

Description: Chromium: CVE-2023-0696 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0696 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

67. Memory Corruption - Microsoft Edge (CVE-2023-0698) - Medium [394]

Description: Chromium: CVE-2023-0698 Out of bounds read in WebRTC. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0698 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

68. Memory Corruption - Microsoft Edge (CVE-2023-0699) - Medium [394]

Description: Chromium: CVE-2023-0699 Use after free in GPU. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0699 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

69. Memory Corruption - Microsoft Edge (CVE-2023-0701) - Medium [394]

Description: Chromium: CVE-2023-0701 Heap buffer overflow in WebUI. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0701 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

70. Memory Corruption - Microsoft Edge (CVE-2023-0702) - Medium [394]

Description: Chromium: CVE-2023-0702 Type Confusion in Data Transfer. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0702 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

71. Memory Corruption - Microsoft Edge (CVE-2023-0703) - Medium [394]

Description: Chromium: CVE-2023-0703 Type Confusion in DevTools. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0703 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

72. Remote Code Execution - Azure Data Box Gateway (CVE-2023-21703) - Medium [391]

Description: Azure Data Box Gateway Remote Code Execution Vulnerability

73. Information Disclosure - Microsoft HoloLens 1 (CVE-2019-15126) - Medium [389]

Description: MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device. An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic. Broadcom no longer supports their hardware on any Windows platforms. As such there is no security update available to address this vulnerability. We recommend that customers using HoloLens 1 devices with this WiFi client device do the following to protect themselves from this vulnerability: Update Wi-Fi routers to mitigate security vulnerabilities (for example, FragAttacks). Use WPA2-Enterprise with certificate-based authentication for HoloLens Wi-Fi. Don’t connect your HoloLens device to untrusted Wi-Fi networks. Don’t reuse Wi-Fi passwords. Don't use plain text HTTP connection. Enable Kiosk mode on your HoloLens device and prevent users from using apps that expose URL links.

74. Security Feature Bypass - Microsoft Edge (CVE-2023-0141) - Medium [387]

Description: Chromium:CVE-2023-0141: Insufficient policy enforcement in CORS. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-0141 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

75. Security Feature Bypass - Microsoft Defender for Endpoint (CVE-2023-21809) - Medium [385]

Description: Microsoft Defender for Endpoint Security Feature Bypass Vulnerability

76. Memory Corruption - Microsoft Edge (CVE-2023-0705) - Medium [381]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-0705 Integer overflow in Core. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-0705 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

77. Spoofing - Microsoft Edge (CVE-2023-21794) - Medium [378]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

MS PT Extended: CVE-2023-21794 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

78. Denial of Service - Visual Studio (CVE-2023-21567) - Medium [371]

Description: Visual Studio Denial of Service Vulnerability

79. Tampering - Microsoft Edge (CVE-2023-21720) - Medium [371]

Description: Microsoft Edge (Chromium-based) Tampering Vulnerability

MS PT Extended: CVE-2023-21720 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

80. Remote Code Execution - Visual Studio (CVE-2023-21815) - Medium [367]

Description: Visual Studio Remote Code Execution Vulnerability

qualys: CVE-2023-21808, CVE-2023-21815, CVE-2023-23381 – .NET / Visual Studio Remote Code Execution Vulnerability Microsoft has not detailed much information about these vulnerabilities. However, based on the limited information available, CVE-2023-21808, CVE-2023-21815, and CVE-2023-23381 seem similar in nature and require an attacker to trick the victim to trigger this vulnerability to execute code in the context of the application.

81. Remote Code Execution - Visual Studio (CVE-2023-23381) - Medium [367]

Description: Visual Studio Remote Code Execution Vulnerability

qualys: CVE-2023-21808, CVE-2023-21815, CVE-2023-23381 – .NET / Visual Studio Remote Code Execution Vulnerability Microsoft has not detailed much information about these vulnerabilities. However, based on the limited information available, CVE-2023-21808, CVE-2023-21815, and CVE-2023-23381 seem similar in nature and require an attacker to trick the victim to trigger this vulnerability to execute code in the context of the application.

82. Elevation of Privilege - Microsoft Edge (CVE-2023-21796) - Medium [360]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795.

MS PT Extended: CVE-2023-21796 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

83. Elevation of Privilege - Windows Common Log File System Driver (CVE-2023-21812) - Medium [360]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

84. Elevation of Privilege - Windows Graphics Component (CVE-2023-21804) - Medium [360]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

qualys: CVE-2023-21804 | Windows Graphics Component Elevation of Privilege Vulnerability This vulnerability has a CVSSv3.1 7.8/10 Policy Compliance Control IDs (CIDs): 25703 Status of the ‘Microsoft XPS Document Writer’ feature

85. Elevation of Privilege - Windows Graphics Component (CVE-2023-21822) - Medium [360]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

86. Elevation of Privilege - Windows Installer (CVE-2023-21800) - Medium [360]

Description: Windows Installer Elevation of Privilege Vulnerability

87. Elevation of Privilege - Microsoft SharePoint (CVE-2023-21717) - Medium [355]

Description: Microsoft SharePoint Server Elevation of Privilege Vulnerability

rapid7: SharePoint Server makes another appearance today with CVE-2023-21717, which allows an authenticated user with the Manage List permission to achieve RCE. Admins responsible for a SharePoint Server 2013 instance may be interested in the FAQ, which includes what Microsoft optimistically describes as a clarification of the existing servicing model for SharePoint Server 2013.

88. Information Disclosure - Microsoft PostScript Printer Driver (CVE-2023-21693) - Medium [348]

Description: Microsoft PostScript Printer Driver Information Disclosure Vulnerability

89. Denial of Service - .NET Framework (CVE-2023-21722) - Medium [347]

Description: .NET Framework Denial of Service Vulnerability

90. Denial of Service - Microsoft Protected Extensible Authentication Protocol (PEAP) (CVE-2023-21701) - Medium [344]

Description: Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability

91. Elevation of Privilege - Microsoft Defender for IoT (CVE-2023-23379) - Medium [333]

Description: Microsoft Defender for IoT Elevation of Privilege Vulnerability

92. Spoofing - Microsoft Edge (CVE-2023-0130) - Medium [327]

Description: {'ms_cve_data_all': 'Chromium:CVE-2023-0130: Inappropriate implementation in Fullscreen API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': 'Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-0130 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

93. Spoofing - Microsoft Edge (CVE-2023-0697) - Medium [327]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-0697 Inappropriate implementation in Full screen mode. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-0697 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

94. Spoofing - Microsoft Edge (CVE-2023-0700) - Medium [327]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-0700 Inappropriate implementation in Download. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-0700 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

95. Elevation of Privilege - Azure App Service on Azure Stack Hub (CVE-2023-21777) - Medium [317]

Description: Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability

96. Information Disclosure - Windows Internet Storage Name Service (iSNS) Server (CVE-2023-21697) - Medium [313]

Description: Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability

97. Elevation of Privilege - NT OS Kernel (CVE-2023-21688) - Medium [304]

Description: NT OS Kernel Elevation of Privilege Vulnerability

98. Information Disclosure - Windows Internet Storage Name Service (iSNS) Server (CVE-2023-21699) - Medium [300]

Description: Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability

99. Elevation of Privilege - Microsoft OneNote (CVE-2023-21721) - Medium [290]

Description: Microsoft OneNote Elevation of Privilege Vulnerability

100. Information Disclosure - Microsoft Protected Extensible Authentication Protocol (PEAP) (CVE-2023-21691) - Medium [283]

Description: Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability

101. Spoofing - Power BI Report Server (CVE-2023-21806) - Medium [283]

Description: Power BI Report Server Spoofing Vulnerability

102. Remote Code Execution - Git (CVE-2023-41953) - Medium [278]

Description: GitHub: CVE-2022-41953 Git GUI Clone Remote Code Execution Vulnerability

103. Information Disclosure - Microsoft Office (CVE-2023-21714) - Medium [275]

Description: Microsoft Office Information Disclosure Vulnerability

104. Cross Site Scripting - Azure DevOps Server (CVE-2023-21564) - Medium [270]

Description: Azure DevOps Server Cross-Site Scripting Vulnerability

105. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2023-21572) - Medium [270]

Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

106. Information Disclosure - Azure Machine Learning Compute Instance (CVE-2023-23382) - Medium [270]

Description: Azure Machine Learning Compute Instance Information Disclosure Vulnerability

107. Elevation of Privilege - Visual Studio (CVE-2023-21566) - Medium [266]

Description: Visual Studio Elevation of Privilege Vulnerability

108. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2023-21807) - Medium [256]

Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

109. Information Disclosure - HTTP.sys (CVE-2023-21687) - Medium [256]

Description: HTTP.sys Information Disclosure Vulnerability

110. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2023-21570) - Medium [243]

Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

111. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2023-21571) - Medium [243]

Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

112. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2023-21573) - Medium [243]

Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Low (0)

Exploitation in the wild detected (4)

Remote Code Execution (1)

• Windows Graphics Component (CVE-2023-21823)

qualys: Other Microsoft Vulnerability Highlights  Microsoft has patched a total 3 zero-day vulnerabilities that are confirmed to be exploited: CVE-2023-21823 is a vulnerability that affects Windows Graphic component used in various products such as Windows OS, Office desktop, and Mobile Apps. The vulnerability helps the attacker gain and execute code with SYSTEM privileges. CVE-2023-21715, a Security Features Bypass Vulnerability in Microsoft Publisher that lets attackers bypass Office macro policies used to block untrusted or malicious files. Microsoft has additionally mentioned that the vulnerability can be triggered using social engineering attacks to trick the victim into downloading a specially crafted file from a website. CVE-2023-23376, an Elevation of Privilege vulnerability, is the Windows Common Log File System Driver that allows attackers to gain SYSTEM privileges. No other information has been made public by Microsoft. Microsoft has also disclosed a vulnerability that affects the end-of-life application Print 3D. Microsoft has affirmed that it will not release a patch to fix the vulnerability and that customers should update to the 3D Builder app. Microsoft Dynamic has got fixes for 6 Cross-site Scripting Vulnerabilities. Microsoft has fixed 4 remote code execution bugs in Exchange Server. Azure DevOps has received patches for a Cross-site Scripting and Remote Code Execution vulnerability. Lastly, a spoofing vulnerability in Power BI Report Server has been addressed. This month, nearly half of the CVEs disclosed by Microsoft are Remote Code Execution Vulnerabilities. We continue to see double-digit numbers in terms of fixes in the Elevation of Privilege and Denial of Server vulnerabilities.

tenable: CVE-2023-21823 | Windows Graphics Component Elevation of Privilege Vulnerability

tenable: CVE-2023-21823 is an EoP vulnerability in the Microsoft Windows Graphics Component. It received a CVSSv3 score of 7.8 and was exploited in the wild as a zero day. Exploitation of this flaw requires an attacker to log onto a vulnerable system and execute a specially crafted application. Successful exploitation would grant an attacker the ability to to run processes in an elevated context. While details have not been shared, the flaw is credited to researchers Genwei Jiang and Dhanesh Kizhakkinan of Mandiant.

rapid7: CVE-2023-21823 is described as a Remote Code Execution (RCE) vulnerability in Windows Graphics Component, but has Attack Vector listed as Local. This apparent inconsistency is often accompanied with a clarification like: “The word Remote in the title refers to the location of the attacker. [...] The attack itself is carried out locally.” No such clarification is available in this case, but this is likely applicable here also. Microsoft also notes the existence of mature exploit code.

krebsonsecurity: The third zero-day flaw already seeing exploitation is CVE-2023-21823, which is another elevation of privilege weakness — this one in the Microsoft Windows Graphic component. Researchers at cybersecurity forensics firm Mandiant were credited with reporting the bug.

krebsonsecurity: Kevin Breen, director of cyber threat research at Immersive Labs, pointed out that the security bulletin for CVE-2023-21823 specifically calls out OneNote as being a vulnerable component for the vulnerability.

Memory Corruption (1)

• Microsoft Edge (CVE-2023-0129)

MS PT Extended: CVE-2023-0129 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

Security Feature Bypass (1)

• Microsoft Publisher (CVE-2023-21715)

qualys: Other Microsoft Vulnerability Highlights  Microsoft has patched a total 3 zero-day vulnerabilities that are confirmed to be exploited: CVE-2023-21823 is a vulnerability that affects Windows Graphic component used in various products such as Windows OS, Office desktop, and Mobile Apps. The vulnerability helps the attacker gain and execute code with SYSTEM privileges. CVE-2023-21715, a Security Features Bypass Vulnerability in Microsoft Publisher that lets attackers bypass Office macro policies used to block untrusted or malicious files. Microsoft has additionally mentioned that the vulnerability can be triggered using social engineering attacks to trick the victim into downloading a specially crafted file from a website. CVE-2023-23376, an Elevation of Privilege vulnerability, is the Windows Common Log File System Driver that allows attackers to gain SYSTEM privileges. No other information has been made public by Microsoft. Microsoft has also disclosed a vulnerability that affects the end-of-life application Print 3D. Microsoft has affirmed that it will not release a patch to fix the vulnerability and that customers should update to the 3D Builder app. Microsoft Dynamic has got fixes for 6 Cross-site Scripting Vulnerabilities. Microsoft has fixed 4 remote code execution bugs in Exchange Server. Azure DevOps has received patches for a Cross-site Scripting and Remote Code Execution vulnerability. Lastly, a spoofing vulnerability in Power BI Report Server has been addressed. This month, nearly half of the CVEs disclosed by Microsoft are Remote Code Execution Vulnerabilities. We continue to see double-digit numbers in terms of fixes in the Elevation of Privilege and Denial of Server vulnerabilities.

tenable: CVE-2023-21715 | Microsoft Office Security Feature Bypass Vulnerability

tenable: CVE-2023-21715 is a security feature bypass vulnerability in Microsoft Office that was given a CVSSv3 score of 7.3 and was exploited in the wild. To be exploited, the vulnerability requires a local, authenticated user to download and open an attacker-created file on a vulnerable system. An attacker would need to entice the user to download and execute the file in order to successfully exploit this flaw. This flaw is credited to Hidetake Jo.

rapid7: One zero-day vulnerability is a Security Features Bypass vulnerability in Microsoft Publisher. Successful exploitation of CVE-2023-21715 allows an attacker to bypass Office macro defenses using a specially-crafted document and run code which would otherwise be blocked by policy. Only Publisher installations delivered as part of Microsoft 365 Apps for Enterprise are listed as affected.

zdi: CVE-2023-21715 – Microsoft Office Security Feature Bypass Vulnerability. Microsoft lists this as under active exploit, but they offer no info on how widespread these exploits may be. Based on the write-up, it sounds more like a privilege escalation than a security feature bypass, but regardless, active attacks in a common enterprise application shouldn’t be ignored. It’s always alarming when a security feature is not just bypassed but exploited. Let’s hope the fix comprehensively addresses the problem.

krebsonsecurity: The zero-day CVE-2023-21715 is a weakness in Microsoft Office that Redmond describes as a “security feature bypass vulnerability.”

Elevation of Privilege (1)

• Windows Common Log File System Driver (CVE-2023-23376)

qualys: Other Microsoft Vulnerability Highlights  Microsoft has patched a total 3 zero-day vulnerabilities that are confirmed to be exploited: CVE-2023-21823 is a vulnerability that affects Windows Graphic component used in various products such as Windows OS, Office desktop, and Mobile Apps. The vulnerability helps the attacker gain and execute code with SYSTEM privileges. CVE-2023-21715, a Security Features Bypass Vulnerability in Microsoft Publisher that lets attackers bypass Office macro policies used to block untrusted or malicious files. Microsoft has additionally mentioned that the vulnerability can be triggered using social engineering attacks to trick the victim into downloading a specially crafted file from a website. CVE-2023-23376, an Elevation of Privilege vulnerability, is the Windows Common Log File System Driver that allows attackers to gain SYSTEM privileges. No other information has been made public by Microsoft. Microsoft has also disclosed a vulnerability that affects the end-of-life application Print 3D. Microsoft has affirmed that it will not release a patch to fix the vulnerability and that customers should update to the 3D Builder app. Microsoft Dynamic has got fixes for 6 Cross-site Scripting Vulnerabilities. Microsoft has fixed 4 remote code execution bugs in Exchange Server. Azure DevOps has received patches for a Cross-site Scripting and Remote Code Execution vulnerability. Lastly, a spoofing vulnerability in Power BI Report Server has been addressed. This month, nearly half of the CVEs disclosed by Microsoft are Remote Code Execution Vulnerabilities. We continue to see double-digit numbers in terms of fixes in the Elevation of Privilege and Denial of Server vulnerabilities.

tenable: Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376)

tenable: CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege Vulnerability

tenable: CVE-2023-23376 is an EoP vulnerability in Windows operating systems receiving a CVSSv3 score of 7.8 that has been exploited in the wild. The vulnerability exists in the Common Log File System (CLFS) Driver, a logging service used by kernel-mode and user-mode applications. This vulnerability can be exploited after an attacker has gained access to a vulnerable target in order to elevate to SYSTEM privileges.

rapid7: CVE-2023-23376 describes a vulnerability in the Windows Common Log File System Driver which allows Local Privilege Escalation (LPE) to SYSTEM. Although Microsoft isn’t necessarily aware of mature exploit code at time of publication, this is worth patching at the first opportunity, since it affects essentially all current Windows hosts.

zdi: CVE-2023-23376 – Windows Common Log File System Driver Elevation of Privilege Vulnerability. This is the other bug under active attack in February, and sadly, there’s just a little solid information about this privilege escalation. Microsoft does note that the vulnerability would allow an attacker to exploit code as SYSTEM, which would allow them to completely take over a target. This is likely being chained with an RCE bug to spread malware or ransomware. Considering this was discovered by Microsoft’s Threat Intelligence Center (aka MSTIC), it could mean it was used by advanced threat actors. Either way, make sure you test and roll these fixes quickly.

krebsonsecurity: Microsoft’s security advisories are somewhat sparse with details about the zero-day bugs. Redmond flags CVE-2023-23376 as an “Important” elevation of privilege vulnerability in the Windows Common Log File System Driver, which is present in Windows 10 and 11 systems, as well as many server versions of Windows.

Public exploit exists, but exploitation in the wild is NOT detected (1)

Information Disclosure (1)

• Microsoft HoloLens 1 (CVE-2019-15126)

Other Vulnerabilities (107)

Remote Code Execution (42)

• Microsoft Edge (CVE-2023-0136, CVE-2023-21775, CVE-2023-23374)

MS PT Extended: CVE-2023-0136 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-23374 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-21775 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

• Windows iSCSI Discovery Service (CVE-2023-21803)

qualys: CVE-2023-21803 – Windows iSCSI Discovery Service Remote Code Execution Vulnerability Windows iSCSI Discovery Service is a Windows Service that allows non-SMB Clients to access storage on a Windows host. The vulnerability affects only 32 bits versions of Windows. The vulnerability can be exploited by sending a maliciously crafted DHCP discovery request to a Windows Host running iSCSI Discovery Service. On successful exploitation, it will allow an attacker to execute code remotely. The vulnerability can only be exploited if the iSCSI Initiator client application is running. iSCSI Initiator client application is not enabled by default.

qualys: CVE-2023-21803 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8/10 Policy Compliance Control IDs (CIDs): 4046 Status of the ‘Microsoft iSCSI Initiator Service’ The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: The next Patch Tuesday falls on March 14th, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the This Month in Vulnerabilities and Patches webinar.

• Microsoft Exchange (CVE-2023-21529, CVE-2023-21706, CVE-2023-21707, CVE-2023-21710)

tenable: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability

tenable: CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 are RCE vulnerabilities in supported versions of Microsoft Exchange Server. CVE-2023-21710 received a CVSSv3 score of 7.2 while the other three CVEs were assigned CVSSv3 scores of 8.8. The vulnerabilities allow a remote attacker to execute arbitrary code on a vulnerable server, via a network call. CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 were given a rating of "Exploitation More Likely" on Microsoft's Exploitability Index.

tenable: CVE-2023-21529, CVE-2023-21706 and CVE-2023-21707 share similarities with CVE-2022-41082, an authenticated RCE publicly disclosed in September 2022 that was a part of the ProxyNotShell attack chain, a variant of the ProxyShell attack chain discovered in August 2021. Microsoft released mitigations in September to protect vulnerable servers until a patch was released in their November 2022 Patch Tuesday. A bypass of this mitigation, called OWASSRF (CVE-2022-41080), was then released in December 2022. Our recent blog on ProxyNotShell, OWASSRF and TabShell discusses these vulnerabilities in greater detail.

zdi: CVE-2023-21529 – Microsoft Exchange Server Remote Code Execution Vulnerability. There are multiple Exchange RCE bugs getting fixes this month, but this one reported by ZDI’s Piotr Bazydło stands out as it results from an incomplete fix in Exchange from last fall. While this vulnerability does require authentication, it allows any user with access to the Exchange PowerShell backend to take over an Exchange server. I know applying Exchange patches isn’t fun and usually requires weekend downtime, but these updates should still be considered a priority.

krebsonsecurity: Microsoft also has more valentines for organizations that rely on Microsoft Exchange Server to handle email. Redmond patched three Exchange Server flaws (CVE-2023-21706, CVE-2023-21707, and CVE-2023-21529), all of which Microsoft says are remote code execution flaws that are likely to be exploited.

• Windows MSHTML Platform (CVE-2023-21805)
• Windows Media (CVE-2023-21802)
• Windows Point-to-Point Tunneling Protocol (CVE-2023-21712)

MS PT Extended: CVE-2023-21712 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

• Microsoft Word (CVE-2023-21716)

qualys: CVE-2023-21716 – Microsoft Word Remote Code Execution Vulnerability CVE-2023-21716 affects both Microsoft SharePoint and Microsoft Office Applications. The vulnerability can be used in a Preview Pane attack. An attacker can send a malicious RTF payload (e.g., via email) that allows the attacker to execute commands without minimal or no user interaction. Microsoft has also provided a workaround for this vulnerability. Administrators need to enforce a Microsoft Office File Block policy to prevent opening RTF documents from unknown or untrusted sources. More details about the policy can be found at MS08-026: How to prevent Word from loading RTF files. If attackers can develop exploits for this vulnerability, it may become a popular choice for them in future Phishing campaigns.  

qualys: CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8/10 Policy Compliance Control IDs (CIDs): 13470 Status of the ‘Set Default File Block Behavior’ setting 25698 Status of the ‘RTF files’ setting

tenable: CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability

tenable: CVE-2023-21716 is a RCE vulnerability in several versions of Microsoft Word, Sharepoint, 365 Apps and Office for Mac with a CVSSv3 score of 9.8. Although the vulnerable component is not specified, Microsoft states that the Preview Pane in these applications is an attack vector. The vulnerability can be exploited by an unauthenticated attacker sending an email with a rich text format (RTF) payload, which when opened, allows for command execution. The Microsoft advisory for this CVE links to MS08-026 and KB922849 for guidance on how to prevent Microsoft Office from opening RTF documents from unknown or untrusted sources by using the Microsoft Office File Block policy.

zdi: CVE-2023-21716 – Microsoft Word Remote Code Execution Vulnerability. Normally, Word bugs don’t attract too much attention – unless the Outlook Preview Pane is an attack vector, which is the case here. This CVSS 9.8 bug could be used by an attacker to get code execution at the level of the logged-on user without user interaction. When paired with a privilege escalation bug like the one mentioned above, an attacker could completely compromise a target. If you’re logged on as an admin, escalation isn’t needed, which is another reason why you shouldn’t be logged in as an admin for non-admin tasks.

krebsonsecurity: Microsoft fixed another Office vulnerability in CVE-2023-21716, which is a Microsoft Word bug that can lead to remote code execution — even if a booby-trapped Word document is merely viewed in the preview pane of Microsoft Outlook. This security hole has a CVSS (severity) score of 9.8 out of a possible 10.

• Windows Distributed File System (DFS) (CVE-2023-21820)
• Windows Fax Service (CVE-2023-21694)
• .NET (CVE-2023-21808)

qualys: CVE-2023-21808, CVE-2023-21815, CVE-2023-23381 – .NET / Visual Studio Remote Code Execution Vulnerability Microsoft has not detailed much information about these vulnerabilities. However, based on the limited information available, CVE-2023-21808, CVE-2023-21815, and CVE-2023-23381 seem similar in nature and require an attacker to trick the victim to trigger this vulnerability to execute code in the context of the application.

• Microsoft SQL (CVE-2023-21528, CVE-2023-21568, CVE-2023-21705, CVE-2023-21713, CVE-2023-21718)

qualys: CVE-2023-21718 – Microsoft SQL ODBC Driver Remote Code Execution Vulnerability The vulnerability affects the Microsoft Open Database Connectivity (ODBC) interface, which allows applications to access data from various types of database management systems (DBMSs). The vulnerability can be exploited by an attacker tricking an unauthenticated user into connecting to an attacker controlled rogue SQL Database. The attacker can then return malicious data to a client (user) and cause arbitrary code execution on it.  

qualys: CVE-2023-21713 | Microsoft SQL Server Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 8.8/10 Policy Compliance Control IDs (CIDs): 2162 Current list of ‘Prohibited software applications installed’

qualys: CVE-2023-21705 | Microsoft SQL Server Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 8.8/10 Policy Compliance Control IDs (CIDs): 2162 Current list of ‘Prohibited software applications installed’

• Microsoft Protected Extensible Authentication Protocol (PEAP) (CVE-2023-21689, CVE-2023-21690, CVE-2023-21692, CVE-2023-21695)

qualys: CVE-2023-21692, CVE-2023-21690, CVE-2023-21689 – Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Microsoft PEAP is a secure implementation of Extensible Authentication Protocol (EAP) that provides encryption and authenticated Transport Layer Security (TLS) tunnel. CVE-2023-21692 and CVE-2023-21690 can be exploited by sending specially crafted malicious packets, whereas CVE-2023-21689 can be used to target server accounts through network calls to execute code remotely. All 3 vulnerabilities do not require special privileges or user interaction.

qualys: CVE-2023-21689 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8/10

qualys: CVE-2023-21690 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8/10

qualys: CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8/10 Policy Compliance Control IDs (CIDs): 25699 Status of the ‘Network authentication method’ for Wireless Network IEEE 802.11 group policy

tenable: CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol Remote Code Execution Vulnerability

tenable: CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692 are RCE vulnerabilities in Windows operating systems and have been given a CVSSv3 score of 9.8. The flaw lies in the Protected Extensible Authentication Protocol (PEAP) server component, which is used to establish secure connections with wireless clients. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code. For a target to be vulnerable, it must be running Network Policy Server and configured with a network policy that allows PEAP. All three vulnerabilities were rated as "Exploitation More Likely" according to their advisories.

tenable: An additional RCE affecting PEAP, CVE-2023-21695, has also been patched this month. However, exploitation for this flaw does require authentication. All four of these CVEs could be exploited using a crafted PEAP packet sent to an unpatched host.

• Microsoft ODBC Driver (CVE-2023-21797, CVE-2023-21798)
• Microsoft PostScript Printer Driver (CVE-2023-21684, CVE-2023-21801)
• Microsoft WDAC OLE DB provider for SQL Server (CVE-2023-21685, CVE-2023-21686, CVE-2023-21799)
• Git (CVE-2022-23521, CVE-2023-41953)
• 3D Builder (CVE-2023-23377, CVE-2023-23390)
• Azure DevOps Server (CVE-2023-21553)
• Microsoft Dynamics Unified Service Desk (CVE-2023-21778)
• Microsoft ODBC Driver for SQL Server (CVE-2023-21704)
• Print 3D (CVE-2023-23378)
• Azure Data Box Gateway (CVE-2023-21703)
• Visual Studio (CVE-2023-21815, CVE-2023-23381)

qualys: CVE-2023-21808, CVE-2023-21815, CVE-2023-23381 – .NET / Visual Studio Remote Code Execution Vulnerability Microsoft has not detailed much information about these vulnerabilities. However, based on the limited information available, CVE-2023-21808, CVE-2023-21815, and CVE-2023-23381 seem similar in nature and require an attacker to trick the victim to trigger this vulnerability to execute code in the context of the application.

Elevation of Privilege (13)

• Microsoft Edge (CVE-2023-21795, CVE-2023-21796)

MS PT Extended: CVE-2023-21796 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-21795 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

• Kerberos (CVE-2023-21817)
• Windows Common Log File System Driver (CVE-2023-21812)
• Windows Graphics Component (CVE-2023-21804, CVE-2023-21822)

qualys: CVE-2023-21804 | Windows Graphics Component Elevation of Privilege Vulnerability This vulnerability has a CVSSv3.1 7.8/10 Policy Compliance Control IDs (CIDs): 25703 Status of the ‘Microsoft XPS Document Writer’ feature

• Windows Installer (CVE-2023-21800)
• Microsoft SharePoint (CVE-2023-21717)

rapid7: SharePoint Server makes another appearance today with CVE-2023-21717, which allows an authenticated user with the Manage List permission to achieve RCE. Admins responsible for a SharePoint Server 2013 instance may be interested in the FAQ, which includes what Microsoft optimistically describes as a clarification of the existing servicing model for SharePoint Server 2013.

• Microsoft Defender for IoT (CVE-2023-23379)
• Azure App Service on Azure Stack Hub (CVE-2023-21777)
• NT OS Kernel (CVE-2023-21688)
• Microsoft OneNote (CVE-2023-21721)
• Visual Studio (CVE-2023-21566)

Security Feature Bypass (9)

• Microsoft Edge (CVE-2023-0131, CVE-2023-0132, CVE-2023-0133, CVE-2023-0139, CVE-2023-0140, CVE-2023-0141, CVE-2023-0704, CVE-2023-21719)

MS PT Extended: CVE-2023-0132 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-21719 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0131 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0704 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0133 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0139 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0140 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0141 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

• Microsoft Defender for Endpoint (CVE-2023-21809)

Denial of Service (10)

• Active Directory (CVE-2023-21816)
• Windows Secure Channel (CVE-2023-21813, CVE-2023-21818, CVE-2023-21819)
• Windows iSCSI Discovery Service (CVE-2023-21700)
• Windows iSCSI Service (CVE-2023-21702, CVE-2023-21811)
• Visual Studio (CVE-2023-21567)
• .NET Framework (CVE-2023-21722)
• Microsoft Protected Extensible Authentication Protocol (PEAP) (CVE-2023-21701)

Memory Corruption (14)

• Microsoft Edge (CVE-2023-0134, CVE-2023-0135, CVE-2023-0138, CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0474, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0701, CVE-2023-0702, CVE-2023-0703, CVE-2023-0705)

MS PT Extended: CVE-2023-0699 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0698 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0705 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0135 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0134 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0138 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0474 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0702 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0701 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0471 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0703 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0473 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0696 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0472 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

Spoofing (5)

• Microsoft Edge (CVE-2023-0130, CVE-2023-0697, CVE-2023-0700, CVE-2023-21794)

MS PT Extended: CVE-2023-0700 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0697 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-21794 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

MS PT Extended: CVE-2023-0130 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

• Power BI Report Server (CVE-2023-21806)

Tampering (1)

• Microsoft Edge (CVE-2023-21720)

MS PT Extended: CVE-2023-21720 was published before February 2023 Patch Tuesday from 2023-01-11 to 2023-02-13

Information Disclosure (7)

• Microsoft PostScript Printer Driver (CVE-2023-21693)
• Windows Internet Storage Name Service (iSNS) Server (CVE-2023-21697, CVE-2023-21699)
• Microsoft Protected Extensible Authentication Protocol (PEAP) (CVE-2023-21691)
• Microsoft Office (CVE-2023-21714)
• Azure Machine Learning Compute Instance (CVE-2023-23382)
• HTTP.sys (CVE-2023-21687)

Cross Site Scripting (6)

• Azure DevOps Server (CVE-2023-21564)
• Microsoft Dynamics 365 (on-premises) (CVE-2023-21570, CVE-2023-21571, CVE-2023-21572, CVE-2023-21573, CVE-2023-21807)