Security News > 2023 > February > Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs
We counted 75 CVE-numbered bugs dated 2023-02-14, given that this year's February updates arrived on Valentine's Day.
We extracted a list and included it below, sorted so that the bugs dubbed Critical are at the top.
On mobile devices such as phones, the crooks may use RCE bugs to leave behind spyware that will track you from then on, so they don't need to break in over and over again to keep their evil eyes on you.
Business users like to prioritise patches, rather than doing them all at once and hoping nothing breaks; we therefore put the Critical bugs at the top, along with the RCE holes, given that RCEs are typically used by crooks to get their initial foothold.
In the end all bugs need to be patched, especially now that the updates are available and attackers can start "Working backwards" by trying to figure out from the patches what sort of holes existed before the updates came out.
Reverse engineering Windows patches can be time-consuming, not least because Windows is a closed-source operating system, but it's an awful lot easier to figure out how bugs work and how to exploit them if you've got a good idea where to start looking, and what to look for.
News URL
https://nakedsecurity.sophos.com/2023/02/14/microsoft-patch-tuesday-36-rce-bugs-3-zero-days-75-cves/
Related news
- Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 74 flaws (source)
- Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws (source)
- Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs (source)
- February 2024 Patch Tuesday forecast: Zero days are back and a new server too (source)
- Microsoft: New critical Outlook RCE bug exploited as zero-day (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Week in review: Windows Event Log zero-day, exploited critical Jenkins RCE flaw (source)
- Week in review: 10 must-read cybersecurity books, AnyDesk hack, Patch Tuesday forecast (source)
- Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) (source)
- Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days (source)