Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws

2023-02-14 18:28

Today is Microsoft's February 2023 Patch Tuesday, and security updates fix three actively exploited zero-day vulnerabilities and a total of 77 flaws.

This month's Patch Tuesday fixes three actively exploited zero-day vulnerabilities used in attacks.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The third actively exploited vulnerability allows an "Attacker who successfully exploited this vulnerability could gain SYSTEM privileges."

BleepingComputer has contacted Microsoft to learn more about how the CVE-2023-21715 and CVE-2023-23376 vulnerabilities were exploited in attacks.

Below is the complete list of resolved vulnerabilities and released advisories in the February 2023 Patch Tuesday updates.

News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2023-patch-tuesday-fixes-3-exploited-zero-days-77-flaws/

#microsoft #patch #patchtuesday #zeroday #CVE-2023-23376 #CVE-2023-21715

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-14	CVE-2023-23376	Out-of-bounds Write vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability local low complexity microsoft CWE-787	7.8
2023-02-14	CVE-2023-21715	Incorrect Authorization vulnerability in Microsoft 365 Apps Microsoft Publisher Security Feature Bypass Vulnerability local low complexity microsoft CWE-863	7.3

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		383	52	1433	2957	180	4622

News URL

Related news

Related Vulnerability

Related vendor