Breaking Down the Latest February 2023 Patch Tuesday Report

15Jun 2023 by Ernest Haberli Jr. No Comments

Patch Tuesday refers to a day on which Microsoft rolls out Security Patches for the Vulnerability once a month “Patch Tuesday” instead of releasing patches independently for the flaws. The day usually falls on the second Tuesday of each month. On the day, Microsoft releases patches or security updates for the Windows operating system and other Microsoft software applications, including Microsoft Office. Considering its importance, we have decided to publish a monthly breakdown of the Microsoft Patch Tuesday report on securitymaster.dev. We are going to cover the February 2023 Patch Tuesday this time, and going forward. You are going to see the same report for upcoming months on this website.

Microsoft Patch Tuesday February 2023 Report Summary:

Microsoft released the February 2023 Patch Tuesday on 14th Feb. Let’s see the summary of the report:

The update addresses 77 vulnerabilities, 9 are classified as critical, and 68 are classified as important.
The February 2023 update includes fixes for three zero-day vulnerabilities, which are exploited in the wild.
Out of 9 Critical vulnerabilities, 8 are Remote Code Execution vulnerabilities, and one is Privilege Escalation.
The products covered in the February security update include Microsoft Windows, Office, Azure, Microsoft System Center, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Visual Studio, Microsoft Edge, and many Developer Tools.
The update also includes non-security updates for Windows 10 and Windows Server 2016/2019.

source: SYXSENSE

Vulnerabilities by Category:

Vulnerability Type	Quantity	Severities
Remote Code Execution Vulnerability	38	Important: 29Critical: 9
Elevation of Privilege Vulnerability	12	Important: 12
Denial of Service Vulnerability	10	Important: 10
Information Disclosure Vulnerability	8	Important: 8
Spoofing Vulnerability	8	Important: 8
Security Feature Bypass Vulnerability	2	Important: 2

All 77 vulnerabilities are categorized into 6 vulnerabilities. Remote Code Execution is found to be the most prevalent in the list, and Security Feature Bypass Vulnerability is the less. The above table shows there are 38 occurrences of RCE vulnerability, of which 9 are classified as Critical, and the remaining 28 are Important in severity. Please refer to the table that shows the vulnerabilities by categories.

List of Zero-Day Vulnerabilities Patched in February 2023 Patch Tuesday:

The term “zero-day” refers to the fact that developers have zero days to fix the issue before attackers can take advantage of it. These are considered the most dangerous since they are set to exploit before patches are released. Microsoft announced that it had fixed three such zero-day vulnerabilities that are being exploited in the wild.

CVE ID	Vulnerable Product/Application	Vulnerability Type
CVE-2023-21823	Windows Graphics Component	Remote Code Execution
CVE-2023-21715	Microsoft Publisher	Security Features Bypass
CVE-2023-23376	Windows Common Log File System Driver	Elevation of Privilege

List of Critical Vulnerabilities Patched in February 2023 Patch Tuesday:

The severity of the identified vulnerabilities is measured in the CVSS score. CVSS is a scale measured from 0 to 10 where 0 is the least severe and 10 is the most severe Vulnerability. All the vulnerabilities are assigned a CVSS number between 0.0 to 10.10 depending on several factors, including the attack vector, the attack complexity, and the impact on confidentiality, integrity, and availability. The vulnerabilities assigned the CVSS score between 0 to 4 are labeled ‘Low’ severity. The vulnerabilities assigned the CVSS score between 4 to 7 are labeled ‘Medium’ severity. Similarly, the vulnerabilities assigned a CVSS score between 7 to 8 are labeled ‘High’ severity, and the CVSS score between 9 to 10 is ‘Critical’ in severity.

The below table lists the vulnerabilities considered Critical in severity.

CVE ID	Vulnerable Product/Application	Vulnerability Type
CVE-2023-21808	.NET 6.0	Elevation of Privilege
CVE-2023-23381	Microsoft Visual Studio 2017 version 15.9	Remote Code Execution
CVE-2023-21808	Microsoft Visual Studio 2017 version 15.9	Elevation of Privilege
CVE-2023-21815	Microsoft Visual Studio 2017 version 15.9	Remote Code Execution
CVE-2023-21692	Windows Server 2008 for 32-bit Systems Service Pack 2	Remote Code Execution
CVE-2023-21718	Microsoft SQL Server 2019 for x64-based Systems (CU 18)	Remote Code Execution
CVE-2023-21716	Microsoft Word 2013 Service Pack 1 (64-bit editions)	Remote Code Execution
CVE-2023-21803	Windows Server 2008 for 32-bit Systems Service Pack 2	Remote Code Execution
CVE-2023-21690	Windows Server 2012 R2 (Server Core installation)	Remote Code Execution
CVE-2023-21689	Windows Server 2012 R2 (Server Core installation)	Remote Code Execution

Comprehensive List of Vulnerabilities Patched in February 2023 Patch Tuesday Are:

We have segregated the list into multiple lists by the Applications. You can download the list from the official Microsoft security updates sheet from here.

Apps vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-23378	Print 3D Remote Code Execution Vulnerability	No	No	7.8
CVE-2023-23377	3D Builder Remote Code Execution Vulnerability	No	No	7.8
CVE-2023-23390	3D Builder Remote Code Execution Vulnerability	No	No	7.8

Azure vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-21777	Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability	No	No	8.7
CVE-2023-21564	Azure DevOps Server Cross-Site Scripting Vulnerability	No	No	7.1
CVE-2023-23382	Azure Machine Learning Compute Instance Information Disclosure Vulnerability	No	No	6.5
CVE-2023-21703	Azure Data Box Gateway Remote Code Execution Vulnerability	No	No	6.5

Browser vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-23374	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	No	No	8.3
CVE-2023-21720	Microsoft Edge (Chromium-based) Tampering Vulnerability	No	No	5.3
CVE-2023-21794	Microsoft Edge (Chromium-based) Spoofing Vulnerability	No	No	4.3

Developer Tools vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-21815	Visual Studio Remote Code Execution Vulnerability	No	No	8.4
CVE-2023-23381	Visual Studio Remote Code Execution Vulnerability	No	No	8.4
CVE-2023-21808	.NET and Visual Studio Remote Code Execution Vulnerability	No	No	8.4
CVE-2023-21566	Visual Studio Elevation of Privilege Vulnerability	No	No	7.8
CVE-2023-21553	Azure DevOps Server Remote Code Execution Vulnerability	No	No	7.5
CVE-2023-21567	Visual Studio Denial of Service Vulnerability	No	No	5.6
CVE-2023-21722	.NET Framework Denial of Service Vulnerability	No	No	4.4

Device vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2019-15126	MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device	No	No	N/A

ESU vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-21800	Windows Installer Elevation of Privilege Vulnerability	No	No	7.8

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-21823	Windows Graphics Component Remote Code Execution Vulnerability	Yes	No	7.8

ESU Windows vulnerabilities

CVE-2023-21803	Windows iSCSI Discovery Service Remote Code Execution Vulnerability	No	No	9.8
CVE-2023-21689	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability	No	No	9.8
CVE-2023-21690	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability	No	No	9.8
CVE-2023-21692	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability	No	No	9.8
CVE-2023-21799	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21685	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21686	Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21684	Microsoft PostScript Printer Driver Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21797	Microsoft ODBC Driver Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21798	Microsoft ODBC Driver Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21802	Windows Media Remote Code Execution Vulnerability	No	No	7.8
CVE-2023-21805	Windows MSHTML Platform Remote Code Execution Vulnerability	No	No	7.8
CVE-2023-21817	Windows Kerberos Elevation of Privilege Vulnerability	No	No	7.8
CVE-2023-21822	Windows Graphics Component Elevation of Privilege Vulnerability	No	No	7.8
CVE-2023-21812	Windows Common Log File System Driver Elevation of Privilege Vulnerability	No	No	7.8
CVE-2023-23376	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Yes	No	7.8
CVE-2023-21688	NT OS Kernel Elevation of Privilege Vulnerability	No	No	7.8
CVE-2023-21801	Microsoft PostScript Printer Driver Remote Code Execution Vulnerability	No	No	7.8
CVE-2023-21811	Windows iSCSI Service Denial of Service Vulnerability	No	No	7.5
CVE-2023-21702	Windows iSCSI Service Denial of Service Vulnerability	No	No	7.5
CVE-2023-21700	Windows iSCSI Discovery Service Denial of Service Vulnerability	No	No	7.5
CVE-2023-21813	Windows Secure Channel Denial of Service Vulnerability	No	No	7.5
CVE-2023-21818	Windows Secure Channel Denial of Service Vulnerability	No	No	7.5
CVE-2023-21816	Windows Active Directory Domain Services API Denial of Service Vulnerability	No	No	7.5
CVE-2023-21695	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability	No	No	7.5
CVE-2023-21691	Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability	No	No	7.5
CVE-2023-21701	Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability	No	No	7.5
CVE-2023-21820	Windows Distributed File System (DFS) Remote Code Execution Vulnerability	No	No	7.4
CVE-2023-21694	Windows Fax Service Remote Code Execution Vulnerability	No	No	6.8
CVE-2023-21697	Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability	No	No	6.2
CVE-2023-21693	Microsoft PostScript Printer Driver Information Disclosure Vulnerability	No	No	5.7
CVE-2023-21699	Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability	No	No	5.3

Exchange Server vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-21706	Microsoft Exchange Server Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21707	Microsoft Exchange Server Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21529	Microsoft Exchange Server Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21710	Microsoft Exchange Server Remote Code Execution Vulnerability	No	No	7.2

Microsoft Dynamics vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-21778	Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability	No	No	8.3
CVE-2023-21572	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	No	No	6.5
CVE-2023-21807	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	No	No	5.8
CVE-2023-21570	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	No	No	5.4
CVE-2023-21571	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	No	No	5.4
CVE-2023-21573	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	No	No	5.4

Microsoft Office vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-21716	Microsoft Word Remote Code Execution Vulnerability	No	No	9.8
CVE-2023-21717	Microsoft SharePoint Server Elevation of Privilege Vulnerability	No	No	8.8
CVE-2023-21715	Microsoft Publisher Security Features Bypass Vulnerability	Yes	No	7.3
CVE-2023-21721	Microsoft OneNote Spoofing Vulnerability	No	No	6.5
CVE-2023-21714	Microsoft Office Information Disclosure Vulnerability	No	No	5.5

SQL Server vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-21705	Microsoft SQL Server Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21713	Microsoft SQL Server Remote Code Execution Vulnerability	No	No	8.8
CVE-2023-21806	Power BI Report Server Spoofing Vulnerability	No	No	8.2
CVE-2023-21528	Microsoft SQL Server Remote Code Execution Vulnerability	No	No	7.8
CVE-2023-21718	Microsoft SQL ODBC Driver Remote Code Execution Vulnerability	No	No	7.8
CVE-2023-21704	Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability	No	No	7.8
CVE-2023-21568	Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability	No	No	7.3

System Center vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-21809	Microsoft Defender for Endpoint Security Feature Bypass Vulnerability	No	No	7.8
CVE-2023-23379	Microsoft Defender for IoT Elevation of Privilege Vulnerability	No	No	6.4

Windows vulnerabilities

CVE	Title	Exploited?	Publicly disclosed?	CVSSv3 base score
CVE-2023-21804	Windows Graphics Component Elevation of Privilege Vulnerability	No	No	7.8
CVE-2023-21819	Windows Secure Channel Denial of Service Vulnerability	No	No	7.5
CVE-2023-21687	HTTP.sys Information Disclosure Vulnerability	No	No	5.5