Security News > 2023 > February > Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs

We counted 75 CVE-numbered bugs dated 2023-02-14, given that this year's February updates arrived on Valentine's Day.

We extracted a list and included it below, sorted so that the bugs dubbed Critical are at the top.

On mobile devices such as phones, the crooks may use RCE bugs to leave behind spyware that will track you from then on, so they don't need to break in over and over again to keep their evil eyes on you.

Business users like to prioritise patches, rather than doing them all at once and hoping nothing breaks; we therefore put the Critical bugs at the top, along with the RCE holes, given that RCEs are typically used by crooks to get their initial foothold.

In the end all bugs need to be patched, especially now that the updates are available and attackers can start "Working backwards" by trying to figure out from the patches what sort of holes existed before the updates came out.

Reverse engineering Windows patches can be time-consuming, not least because Windows is a closed-source operating system, but it's an awful lot easier to figure out how bugs work and how to exploit them if you've got a good idea where to start looking, and what to look for.

News URL

https://nakedsecurity.sophos.com/2023/02/14/microsoft-patch-tuesday-36-rce-bugs-3-zero-days-75-cves/