"The attack itself is carried out locally by a user with authentication to the targeted system," explains Microsoft. The second zero-day vulnerability is in Microsoft Publisher and allows a specially crafted document to bypass Office macro policies that block untrusted or malicious files.Įxploiting this flaw would effectively allow macros in a malicious Publisher document to run without first warning the user. Therefore, for those customers who disable automatic updates in the Microsoft Store, Microsoft will not be pushing out the update automatically.īleepingComputer has contacted Mandiant to learn more about these vulnerabilities were actively exploited.ĬVE-2023-21715 - Microsoft Publisher Security Features Bypass Vulnerability discovered by Hidetake Jo of Microsoft. This security update will be pushed out to users via the Microsoft Store rather than Windows Update. Microsoft says this remote code execution vulnerability allows attackers to execute commands with SYSTEM privileges. The three actively exploited zero-day vulnerabilities fixed in today's updates are:ĬVE-2023-21823 - Windows Graphics Component Remote Code Execution Vulnerability discovered by Genwei Jiang and Dhanesh Kizhakkinan of Mandiant. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. This month's Patch Tuesday fixes three actively exploited zero-day vulnerabilities used in attacks. To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5022845 and KB5022836 cumulative updates and Windows 10 KB5022834 and KB5022840 updates. This count does not include three Microsoft Edge vulnerabilities fixed earlier this month. 
8 Information Disclosure Vulnerabilities.38 Remote Code Execution Vulnerabilities.2 Security Feature Bypass Vulnerabilities.12 Elevation of Privilege Vulnerabilities.The number of bugs in each vulnerability category is listed below: Nine vulnerabilities have been classified as 'Critical' as they allow remote code execution on vulnerable devices. Today is Microsoft's February 2023 Patch Tuesday, and security updates fix three actively exploited zero-day vulnerabilities and a total of 77 flaws.