36 RCE bugs, 3 zero-days, 75 CVEs – Bare Safety

Deciphering Microsoft’s official Update Guide internet pages will not be for the faint-hearted.

Many of the info you want, if not every little thing you’d actually prefer to know, is there, however there’s such a dizzing variety of methods to view it, and so many generated-on-the-fly pages are wanted to show it, that it may be tough to seek out out what’s really new, and what’s really essential.

Do you have to search by the working system platforms affected?

By the severity of the vulnerabilies? By the chance of exploitation?

Do you have to type the zero-days to the highest?

(We don’t suppose you may – we expect there are three zero-days on this month’ record, however we needed to drill into particular person CVE pages and seek for the textual content “Exploitation detected” to be able to make sure that a particular bug was already identified to cybercriminals.)

What’s worse, an EoP or an RCE?

Is a Vital elevation of privilege (EoP) bug extra alarming than an Necessary distant code execution (RCE)?

The previous sort of bug requires cybercriminals to interrupt in first, however most likely provides them a method to take over utterly, usually getting them the equal of sysadmin powers or working system-level management.

The second sort of bug may solely get the crooks in with the lowly entry privileges of little outdated you, nevertheless it however will get them onto the community within the first place.

After all, whereas everybody else may breathe a sigh of aid if an attacker wasn’t capable of get entry to their stuff, that’s chilly consolation for you, for those who’re the one who did get attacked.

We counted 75 CVE-numbered bugs dated 2023-02-14, on condition that this yr’s February updates arrived on Valentine’s Day.

(Really, we discovered 76, however we ignored one bug that didn’t have a severity score, was tagged CVE-2019-15126, and appears to boil all the way down to a report about unsupported Broadcom Wi-Fi chips in Microsoft Hololens units – if in case you have a Hololens and have any recommendation for different readers, please tell us within the feedback under.)

We extracted a listing and included it under, sorted in order that the bugs dubbed Vital are on the prime (there are seven of them, all RCE-class bugs).

You may as well learn the SophosLabs evaluation of Patch Tuesday for extra particulars.



Safety bug lessons defined

For those who’re not acquainted with the bug abbreviations proven under, right here’s a high-speed information to safety flaws:

  • RCE means Distant Code Execution. Attackers who aren’t at present logged on to your laptop might trick it into operating a fraction of program code, or perhaps a full-blown program, as if they’d authenticated entry. Sometimes, on desktops or servers, the criminals use this type of bug to implant code that permits them to get again in at will in future, thus establishing a beachhead from which to kick off a network-wide assault. On cell units resembling telephones, the crooks might use RCE bugs to depart behind adware that may monitor you from then on, in order that they don’t want to interrupt in time and again to maintain their evil eyes on you.
  • EoP means Elevation of Privilege. As talked about above, this implies crooks can enhance their entry rights, usually buying the identical type of powers that an official sysadmin or the working itself would normally take pleasure in. As soon as they’ve system-level powers, they’re typically capable of roam freely in your community, steal safe recordsdata even from restricted-access servers, create hidden person accounts for getting again in later, or map out your total IT property in preparation for a ransomware assault.
  • Leak signifies that security-related or personal knowledge may escape from safe storage. Generally, even apparently minor leaks, resembling the situation of particular working system code in reminiscence, which an attacker isn’t supposed to have the ability to predict, can provide criminals the data they should flip an most likely unsuccessful assault into an nearly actually profitable one.
  • Bypass signifies that a safety safety you’d normally count on to maintain you secure will be skirted. Crooks usually exploit bypass vulnerabilities to trick you into trusting distant content material resembling electronic mail attachments, for instance by discovering a method to keep away from the “content material warnings” or to avoid the malware detection which are supposed to maintain you secure.
  • Spoof signifies that content material will be made to look extra reliable than it truly is. For instance, attackers who lure you to a pretend web site that exhibits up in your browser with an official server title within the deal with bar (or what seems to be just like the deal with bar)are a lot prone to trick you into handing over private knowledge than in the event that they’re pressured to place their pretend content material on a web site that clearly isn’t the one you’d count on.
  • DoS means Denial of Service. Bugs that permit community or server providers to be knocked offline briefly are sometimes thought-about low-grade flaws, assuming that the bug doesn’t then permit attackers to interrupt in, steal knowledge or entry something they shouldn’t. However attackers who can reliably take down components of your community could possibly accomplish that time and again in a co-ordinated method, for instance by timing their DoS probes to occur each time your crashed servers restart. This may be extraordinarily disruptive, esepcially in case you are operating a web-based enterprise, and may also be used as a distraction to attract consideration away from different unlawful actions that the crooks are doing in your community on the identical time.

The massive bug record

The 75-strong bug record is right here, with the three zero-days we learn about marked with an asterisk (*):


NIST ID          Degree        Sort    Element affected
---------------  -----------  ------  ----------------------------------------
CVE-2023-21689:  (Vital)   RCE     Home windows Protected EAP (PEAP) 	
CVE-2023-21690:  (Vital)   RCE     Home windows Protected EAP (PEAP) 	
CVE-2023-21692:  (Vital)   RCE     Home windows Protected EAP (PEAP) 	
CVE-2023-21716:  (Vital)   RCE     Microsoft Workplace Phrase 	
CVE-2023-21803:  (Vital)   RCE     Home windows iSCSI 	
CVE-2023-21815:  (Vital)   RCE     Visible Studio 	
CVE-2023-23381:  (Vital)   RCE     Visible Studio 	
CVE-2023-21528:  (Necessary)  RCE     SQL Server 	
CVE-2023-21529:  (Necessary)  RCE     Microsoft Trade Server 	
CVE-2023-21568:  (Necessary)  RCE     SQL Server 	
CVE-2023-21684:  (Necessary)  RCE     Microsoft PostScript Printer Driver 	
CVE-2023-21685:  (Necessary)  RCE     Microsoft WDAC OLE DB supplier for SQL 	
CVE-2023-21686:  (Necessary)  RCE     Microsoft WDAC OLE DB supplier for SQL 	
CVE-2023-21694:  (Necessary)  RCE     Home windows Fax and Scan Service 	
CVE-2023-21695:  (Necessary)  RCE     Home windows Protected EAP (PEAP) 	
CVE-2023-21703:  (Necessary)  RCE     Azure Knowledge Field Gateway 	
CVE-2023-21704:  (Necessary)  RCE     SQL Server 	
CVE-2023-21705:  (Necessary)  RCE     SQL Server 	
CVE-2023-21706:  (Necessary)  RCE     Microsoft Trade Server 	
CVE-2023-21707:  (Necessary)  RCE     Microsoft Trade Server 	
CVE-2023-21710:  (Necessary)  RCE     Microsoft Trade Server 	
CVE-2023-21713:  (Necessary)  RCE     SQL Server 	
CVE-2023-21718:  (Necessary)  RCE     SQL Server 	
CVE-2023-21778:  (Necessary)  RCE     Microsoft Dynamics 	
CVE-2023-21797:  (Necessary)  RCE     Home windows ODBC Driver 	
CVE-2023-21798:  (Necessary)  RCE     Home windows ODBC Driver 	
CVE-2023-21799:  (Necessary)  RCE     Microsoft WDAC OLE DB supplier for SQL 	
CVE-2023-21801:  (Necessary)  RCE     Microsoft PostScript Printer Driver 	
CVE-2023-21802:  (Necessary)  RCE     Microsoft Home windows Codecs Library 	
CVE-2023-21805:  (Necessary)  RCE     Home windows MSHTML Platform 	
CVE-2023-21808:  (Necessary)  RCE     .NET and Visible Studio 	
CVE-2023-21820:  (Necessary)  RCE     Home windows Distributed File System (DFS) 	
CVE-2023-21823:  (Necessary) *RCE     Microsoft Graphics Element
CVE-2023-23377:  (Necessary)  RCE     3D Builder 	
CVE-2023-23378:  (Necessary)  RCE     3D Builder 	
CVE-2023-23390:  (Necessary)  RCE     3D Builder 	
CVE-2023-21566:  (Necessary)  EoP     Visible Studio 	
CVE-2023-21688:  (Necessary)  EoP     Home windows ALPC 	
CVE-2023-21717:  (Necessary)  EoP     Microsoft Workplace SharePoint 	
CVE-2023-21777:  (Necessary)  EoP     Azure App Service 	
CVE-2023-21800:  (Necessary)  EoP     Home windows Installer 	
CVE-2023-21804:  (Necessary)  EoP     Microsoft Graphics Element 	
CVE-2023-21812:  (Necessary)  EoP     Home windows Frequent Log File System Driver 	
CVE-2023-21817:  (Necessary)  EoP     Home windows Kerberos 	
CVE-2023-21822:  (Necessary)  EoP     Home windows Win32K 	
CVE-2023-23376:  (Necessary) *EoP     Home windows Frequent Log File System Driver 	
CVE-2023-23379:  (Necessary)  EoP     Microsoft Defender for IoT 	
CVE-2023-21687:  (Necessary)  Leak    Home windows HTTP.sys 	
CVE-2023-21691:  (Necessary)  Leak    Home windows Protected EAP (PEAP) 	
CVE-2023-21693:  (Necessary)  Leak    Microsoft PostScript Printer Driver 	
CVE-2023-21697:  (Necessary)  Leak    Web Storage Identify Service 	
CVE-2023-21699:  (Necessary)  Leak    Web Storage Identify Service 	
CVE-2023-21714:  (Necessary)  Leak    Microsoft Workplace 	
CVE-2023-23382:  (Necessary)  Leak    Azure Machine Studying 	
CVE-2023-21715:  (Necessary) *Bypass  Microsoft Workplace Writer 
CVE-2023-21809:  (Necessary)  Bypass  Microsoft Defender for Endpoint 	
CVE-2023-21564:  (Necessary)  Spoof   Azure DevOps 	
CVE-2023-21570:  (Necessary)  Spoof   Microsoft Dynamics 	
CVE-2023-21571:  (Necessary)  Spoof   Microsoft Dynamics 	
CVE-2023-21572:  (Necessary)  Spoof   Microsoft Dynamics 	
CVE-2023-21573:  (Necessary)  Spoof   Microsoft Dynamics 	
CVE-2023-21721:  (Necessary)  Spoof   Microsoft Workplace OneNote 	
CVE-2023-21806:  (Necessary)  Spoof   Energy BI 	
CVE-2023-21807:  (Necessary)  Spoof   Microsoft Dynamics 	
CVE-2023-21567:  (Necessary)  DoS     Visible Studio 	
CVE-2023-21700:  (Necessary)  DoS     Home windows iSCSI 	
CVE-2023-21701:  (Necessary)  DoS     Home windows Protected EAP (PEAP) 	
CVE-2023-21702:  (Necessary)  DoS     Home windows iSCSI 	
CVE-2023-21722:  (Necessary)  DoS     .NET Framework 	
CVE-2023-21811:  (Necessary)  DoS     Home windows iSCSI 	
CVE-2023-21813:  (Necessary)  DoS     Home windows Cryptographic Providers 	
CVE-2023-21816:  (Necessary)  DoS     Home windows Energetic Listing 	
CVE-2023-21818:  (Necessary)  DoS     Home windows SChannel 	
CVE-2023-21819:  (Necessary)  DoS     Home windows Cryptographic Providers 	
CVE-2023-21553:  (Unknown)    RCE     Azure DevOps 	

What to do?

Enterprise customers prefer to prioritise patches, fairly than doing them and hoping nothing breaks.

We due to this fact put the Vital bugs on the prime, together with the RCE holes, on condition that RCEs are usually utilized by crooks to get their preliminary foothold.

Ultimately, nonetheless, all bugs must be patched, particularly now that the updates can be found and attackers can begin “working backwards” by making an attempt to determine from the patches what kind of holes existed earlier than the updates got here out.

Reverse engineering Home windows patches will be time-consuming, not least as a result of Home windows is a closed-source working system, nevertheless it’s an terrible lot simpler to determine how bugs work and find out how to exploit them for those who’ve acquired a good suggestion the place to begin wanting, and what to search for.

The earlier you get forward (or the faster you catch up, within the case of zero-day holes, that are bugs that the crooks discovered first), the much less probably you’ll be the one who will get attacked.

So even for those who don’t patch every little thing without delay, we’re however going to say: Don’t delay/Get began at present!


READ THE SOPHOSLABS ANALYSIS OF PATCH TUESDAY FOR MORE DETAILS