December 2, 2023

Microsoft addresses 75 CVEs as part of this year’s special Valentine’s Day Patch Tuesday, which includes fixes for a whopping three different zero-day vulnerabilities that are already being used in active attacks.

This month’s update includes patches for:

  • .NET and Visual Studio
  • .NET Framework
  • 3D Builder
  • Azure App Service
  • Azure Data Box Gateway
  • Azure DevOps
  • Azure Machine Learning
  • HoloLens
  • Internet Storage Name Service
  • Microsoft Defender for Endpoint
  • Microsoft Defender for IoT
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office OneNote
  • Microsoft Office Publisher
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft PostScript Printer Driver
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows Codecs Library
  • Power BI
  • SQL Server
  • Visual Studio
  • Windows Active Directory
  • Windows ALPC
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows Distributed File System (DFS)
  • Windows Fax and Scan Service
  • Windows HTTP.sys
  • Windows Installer
  • Windows iSCSI
  • Windows Kerberos
  • Windows MSHTML Platform
  • Windows ODBC Driver
  • Windows Protected EAP (PEAP)
  • Windows SChannel
  • Windows Win32K

Windows Common Log File System Driver EoP Vulnerability (Zero Day)

CVE-2023-23376 is an EoP vulnerability in Windows operating systems receiving a CVSSv3 score of 7.8 that has been exploited in the wild. The vulnerability exists in the Common Log File System (CLFS) Driver, a logging service used by kernel-mode and user-mode applications. This vulnerability can be exploited after an attacker has gained access to a vulnerable target to elevate to SYSTEM privileges.

Similarly, last year Microsoft patched two EoP vulnerabilities in CLFS, CVE-2022-37969 patched in April 2022 and CVE-2022-24521 patched in September 2022, that were also exploited in the wild.

Microsoft Exchange Server RCE Vulnerability

CVE-2023-21529, CVE-2023-21706, CVE-2023-21707 and CVE-2023-21710 are RCE vulnerabilities in supported versions of Microsoft Exchange Server. CVE-2023-21710 received a CVSSv3 score of 7.2 while the other three CVEs were assigned CVSSv3 scores of 8.8. The vulnerabilities allow a remote attacker to execute arbitrary code on a vulnerable server via a network call. CVE-2023-21529, CVE-2023-21706 and CVE-2023-21707 were given a rating of Exploitation More Likely.

CVE-2023-21529, CVE-2023-21706 and CVE-2023-21707 share similarities with CVE-2022-41082, an authenticated RCE publicly disclosed in September 2022 that was a part of the ProxyNotShell attack chain, a variant of the ProxyShell attack chain discovered in August 2021. Microsoft released mitigations in September to protect vulnerable servers until a patch was released in their November 2022 Patch Tuesday. A bypass of this mitigation, called OWASSRF (CVE-2022-41080), was then released in December 2022. Our recent blog on ProxyNotShell, OWASSRF and TabShell discusses these vulnerabilities in greater detail.

Microsoft Protected Extensible Authentication Protocol RCE Vulnerability

CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692 are RCE vulnerabilities in Windows operating systems and have been given a CVSSv3 score of 9.8. The flaw lies in the Protected Extensible Authentication Protocol (PEAP) server component, which is used to establish secure connections with wireless clients. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code. For a target to be vulnerable, it must be running Network Policy Server and configured with a network policy that allows PEAP. All three vulnerabilities were rated as Exploitation More Likely.

An additional RCE affecting PEAP, CVE-2023-21695, has also been patched this month. However, exploitation for this flaw does require authentication. All four of these CVEs could be exploited using a crafted PEAP packet sent to an unpatched host.

Windows Graphics Component EoP Vulnerability (Zero Day)

CVE-2023-21823 is an EoP vulnerability in the Microsoft Windows Graphics Component. It received a CVSSv3 score of 7.8 and was exploited in the wild as a zero day. Exploitation of this flaw requires an attacker to log onto a vulnerable system and execute a specially crafted application. Successful exploitation would grant an attacker the ability to run processes in an elevated context.

Microsoft Office Security Feature Bypass Vulnerability (Zero Day)

CVE-2023-21715 is a security feature bypass vulnerability in Microsoft Office that was given a CVSSv3 score of 7.3 and was exploited in the wild. To be exploited, the vulnerability requires a local, authenticated user to download and open an attacker-created file on a vulnerable system. An attacker would need to entice the user to download and execute the file to successfully exploit this flaw.

Microsoft Word RCE Vulnerability

CVE-2023-21716 is an RCE vulnerability in several versions of Microsoft Word, SharePoint, 365 Apps and Office for Mac with a CVSSv3 score of 9.8. Although the vulnerable component is not specified, Microsoft states that the Preview Pane in these applications is an attack vector. The vulnerability can be exploited by an unauthenticated attacker sending an email with a rich text format (RTF) payload, which, when opened, allows for command execution. The Microsoft advisory for this CVE links to MS08-026 and KB922849 for guidance on how to prevent Microsoft Office from opening RTF documents from unknown or untrusted sources by using the Microsoft Office File Block policy.

Summary of February 2023 patch release

| CVE ID | CVE Title | Severity | CVSS Score | Is Exploitable |
|---|---|---|---|---|
| CVE-2023-21808 | .NET and Visual Studio Remote Code Execution Vulnerability | Critical | 8.4 | No |
| CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability | Critical | 9.8 | No |
| CVE-2023-21718 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | Critical | 7.8 | No |
| CVE-2023-21815 | Visual Studio Remote Code Execution Vulnerability | Critical | 8.4 | No |
| CVE-2023-23381 | Visual Studio Remote Code Execution Vulnerability | Critical | 8.4 | No |
| CVE-2023-21803 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | Critical | 9.8 | No |
| CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical | 9.8 | No |
| CVE-2023-21690 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical | 9.8 | No |
| CVE-2023-21689 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical | 9.8 | No |
| CVE-2023-21722 | .NET Framework Denial of Service Vulnerability | Important | 4.4 | No |
| CVE-2023-23390 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No |
| CVE-2023-23377 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No |
| CVE-2023-23378 | Print 3D Remote Code Execution Vulnerability | Important | 7.8 | No |
| CVE-2023-21777 | Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability | Important | 8.7 | No |
| CVE-2023-21703 | Azure Data Box Gateway Remote Code Execution Vulnerability | Important | 6.5 | No |
| CVE-2023-21564 | Azure DevOps Server Cross-Site Scripting Vulnerability | Important | 7.1 | No |
| CVE-2023-21553 | Azure DevOps Server Remote Code Execution Vulnerability | Important | 7.5 | No |
| CVE-2023-23382 | Azure Machine Learning Compute Instance Information Disclosure Vulnerability | Important | 6.5 | No |
| CVE-2023-21699 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | Important | 5.3 | No |
| CVE-2023-21697 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | Important | 6.2 | No |
| CVE-2023-21809 | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | Important | 7.8 | No |
| CVE-2023-23379 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important | 6.4 | No |
| CVE-2023-21807 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.8 | No |
| CVE-2023-21573 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No |
| CVE-2023-21571 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No |
| CVE-2023-21572 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 6.5 | No |
| CVE-2023-21778 | Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | Important | 8.3 | No |
| CVE-2023-21570 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No |
| CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 7.2 | No |
| CVE-2023-21707 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21706 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21529 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21804 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No |
| CVE-2023-21823 | Windows Graphics Component Remote Code Execution Vulnerability | Important | 7.8 | Yes |
| CVE-2023-21714 | Microsoft Office Information Disclosure Vulnerability | Important | 5.5 | No |
| CVE-2023-21721 | Microsoft OneNote Spoofing Vulnerability | Important | 6.5 | No |
| CVE-2023-21715 | Microsoft Publisher Security Features Bypass Vulnerability | Important | 7.3 | Yes |
| CVE-2023-21717 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | 8.8 | No |
| CVE-2023-21693 | Microsoft PostScript Printer Driver Information Disclosure Vulnerability | Important | 5.7 | No |
| CVE-2023-21801 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Important | 7.8 | No |
| CVE-2023-21684 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21686 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21685 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21799 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21802 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No |
| CVE-2023-21806 | Power BI Report Server Spoofing Vulnerability | Important | 8.2 | No |
| CVE-2023-21713 | Microsoft SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21528 | Microsoft SQL Server Remote Code Execution Vulnerability | Important | 7.8 | No |
| CVE-2023-21705 | Microsoft SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21568 | Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability | Important | 7.3 | No |
| CVE-2023-21704 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important | 7.8 | No |
| CVE-2023-21566 | Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No |
| CVE-2023-21567 | Visual Studio Denial of Service Vulnerability | Important | 5.6 | No |
| CVE-2023-21816 | Windows Active Directory Domain Services API Denial of Service Vulnerability | Important | 7.5 | No |
| CVE-2023-21688 | NT OS Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No |
| CVE-2023-23376 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | Yes |
| CVE-2023-21812 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No |
| CVE-2023-21813 | Windows Secure Channel Denial of Service Vulnerability | Important | 7.5 | No |
| CVE-2023-21819 | Windows Secure Channel Denial of Service Vulnerability | Important | 7.5 | No |
| CVE-2023-21820 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important | 7.4 | No |
| CVE-2023-21694 | Windows Fax Service Remote Code Execution Vulnerability | Important | 6.8 | No |
| CVE-2023-21687 | HTTP.sys Information Disclosure Vulnerability | Important | 5.5 | No |
| CVE-2023-21800 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No |
| CVE-2023-21700 | Windows iSCSI Discovery Service Denial of Service Vulnerability | Important | 7.5 | No |
| CVE-2023-21702 | Windows iSCSI Service Denial of Service Vulnerability | Important | 7.5 | No |
| CVE-2023-21811 | Windows iSCSI Service Denial of Service Vulnerability | Important | 7.5 | No |
| CVE-2023-21817 | Windows Kerberos Elevation of Privilege Vulnerability | Important | 7.8 | No |
| CVE-2023-21805 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important | 7.8 | No |
| CVE-2023-21797 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21798 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No |
| CVE-2023-21695 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Important | 7.5 | No |
| CVE-2023-21701 | Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | Important | 7.5 | No |
| CVE-2023-21691 | Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | Important | 7.5 | No |
| CVE-2023-21818 | Windows Secure Channel Denial of Service Vulnerability | Important | 7.5 | No |
| CVE-2023-21822 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No |
| CVE-2023-21794 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low | 4.3 | No |
| CVE-2023-21720 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Low | 5.3 | No |
| CVE-2023-23374 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Moderate | 8.3 | No |