Microsoft Monthly Security Update (February 2023)

Last Update Date: 7 Mar 2023 Release Date: 15 Feb 2023 5448 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

[Updated on 2023-03-07] 

Proof of Concept exploit code is publicly available for CVE-2023-21716, affecting Microsoft Word. The vulnerability could be exploited by previewing a malicious RTF document and execute arbitrary code after memory corruption.

 

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
SQL ServerMedium Risk Medium RiskRemote Code Execution
Spoofing		 
WindowsExtremely High Risk Extremely High RiskRemote Code Execution
Elevation of Privilege
Denial of Service
Information Disclosure

Exploit in the wild

CVE-2023-21823

CVE-2023-23376

Extended Security Updates (ESU)Extremely High Risk Extremely High RiskRemote Code Execution
Elevation of Privilege
Denial of Service
Information Disclosure

Exploit in the wild

CVE-2023-21823

CVE-2023-23376

AzureMedium Risk Medium RiskElevation of Privilege
Information Disclosure
Remote Code Execution
Spoofing		 
Microsoft DynamicsMedium Risk Medium RiskRemote Code Execution
Spoofing		 
BrowserMedium Risk Medium RiskSpoofing
Data Manipulation
Remote Code Execution		 
Exchange ServerMedium Risk Medium RiskRemote Code Execution 
Microsoft OfficeExtremely High Risk Extremely High RiskSpoofing
Remote Code Execution
Elevation of Privilege
Information Disclosure
Security Restriction Bypass

Exploit in the wild

CVE-2023-21823

CVE-2023-21715

 

Proof of Concept exploit code Is publicly available for CVE-2023-21716

Developer ToolsMedium Risk Medium RiskElevation of Privilege
Denial of Service
Remote Code Execution		 
AppsMedium Risk Medium RiskRemote Code Execution 
System CenterMedium Risk Medium RiskElevation of Privilege
Security Restriction Bypass		 
DeviceMedium Risk Medium RiskInformation Disclosure 

 

Number of 'Extremely High Risk' product(s): 3

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 9

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Extremely High Risk

Impact

  • Denial of Service
  • Remote Code Execution
  • Spoofing
  • Elevation of Privilege
  • Information Disclosure
  • Data Manipulation
  • Security Restriction Bypass

System / Technologies affected

  • SQL Server
  • Windows
  • Extended Security Updates (ESU)
  • Azure
  • Microsoft Dynamics
  • Browser
  • Exchange Server
  • Microsoft Office
  • Developer Tools
  • Apps
  • System Center
  • Device

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftDenial of ServiceElevation of PrivilegeRemote Code ExecutionSecurity Restriction BypassInformation DisclosureSpoofingData ManipulationExploit In The WildProof of Concept

Share with

Previous

ChromeOS Multiple Vulnerabilities

6 Mar 2023 3536 Views

Next

Google Chrome Multiple Vulnerabilities

8 Mar 2023 4084 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY