Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.
"The attack itself is carried out locally by a user with authentication to the targeted system," Microsoft said in an advisory for CVE-2023-21715.
CVE-2023-23376 is also the third actively exploited zero-day flaw in the CLFS component after CVE-2022-24521 and CVE-2022-37969, which were addressed by Microsoft in April and September 2022.
"The Windows Common Log File System Driver is a component of the Windows operating system that manages and maintains a high-performance, transaction-based log file system," Immersive Labs' Nikolas Cemerikic said.
"It is an essential component of the Windows operating system, and any vulnerabilities in this driver could have significant implications for the security and reliability of the system."
Also addressed by Microsoft are multiple RCE defects in Exchange Server, ODBC Driver, PostScript Printer Driver, and SQL Server as well as denial-of-service issues impacting Windows iSCSI Service and Windows Secure Channel.
News URL
https://thehackernews.com/2023/02/update-now-microsoft-releases-patches.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-14 | CVE-2023-23376 | Out-of-bounds Write vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
2023-02-14 | CVE-2023-21715 | Incorrect Authorization vulnerability in Microsoft 365 Apps Microsoft Publisher Security Features Bypass Vulnerability | 7.3 |
2022-09-13 | CVE-2022-37969 | Out-of-bounds Write vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
2022-04-15 | CVE-2022-24521 | Unspecified vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |