{"id":21254,"date":"2023-02-15T16:10:38","date_gmt":"2023-02-16T00:10:38","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/02\/15\/news-14986\/"},"modified":"2023-02-15T16:10:38","modified_gmt":"2023-02-16T00:10:38","slug":"news-14986","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/02\/15\/news-14986\/","title":{"rendered":"Update now! February’s Patch Tuesday tackles three zero-days"},"content":{"rendered":"

The Patch Tuesday roundup from Microsoft for February 2023 includes three zero-days<\/a>. Not exactly what we had in mind for Valentine’s Day.<\/p>\n

Microsoft classifies a vulnerability as a zero-day<\/a> if it is publicly disclosed or actively exploited with no official fix available. As far as we can tell, only two of the vulnerabilities were actually exploited in the wild.<\/p>\n

The zero-days patched in these updates are:<\/p>\n

Graphics component<\/h2>\n

CVE-2023-21823<\/a>: A Windows Graphics Component remote code execution (RCE) vulnerability. An attacker who successfully exploited this vulnerability could execute commands with SYSTEM privileges.<\/p>\n

Important to note here that this update comes from the Microsoft Store. So users that have disabled automatic updates for the Microsoft Store have to get the update through the Microsoft Store by following the guide titled Get updates for apps and games in Microsoft Store<\/a>. Be sure to select the tab for the operating system installed on your device to search for updates.<\/p>\n

The Microsoft update guide for this vulnerability<\/a> specifically mentions OneNote for Android. At Malwarebytes, we’ve recently seen ASyncRAT campaigns using malicious OneNote (.one) attachments, so we hope to see that this update puts an end to that method of infection.<\/p>\n

Microsoft Publisher<\/h2>\n

CVE-2023-21715<\/a>: A Microsoft Publisher security features bypass vulnerability. An attacker who successfully exploited this vulnerability could bypass Office macro policies in Microsoft Publisher which are used to block untrusted or malicious files. The attack itself has to be carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.<\/p>\n

Although that makes it sound hard to abuse, Microsoft says it has detected exploitation of this vulnerability.<\/p>\n

Windows Common Log File System Driver<\/h2>\n

CVE-2023-23376<\/a>: A Windows Common Log File System Driver elevation of privilege (EoP) vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This means it can be very useful in a chain of vulnerabilities, but Microsoft gives no clues about any other vulnerabilities this EoP has been used in combination with.<\/p>\n

Other patched vulnerabilities<\/h2>\n

Exchange Server: included are patches for three remote code execution flaws that are labelled as likely to be exploited. These vulnerabilities listed as CVE-2023-21706<\/a>, CVE-2023-21707<\/a>, and CVE-2023-21529<\/a> all require authentication.<\/p>\n

Microsoft Word: an RCE vulnerability listed as CVE-2023-21716<\/a> with a CVSS<\/a> score of 9.8 out of 10. An unauthenticated attacker could send a malicious email containing a Rich Text Format (RTF) payload that would allow them to gain access to execute commands within the application used to open the malicious file.<\/p>\n

Unpatched<\/h2>\n

Microsoft has also disclosed<\/a> a vulnerability listed as CVE-2023-23378<\/a> in the end-of-life (EOL) application Print 3D. EOL is an expression commonly used by software vendors to indicate that a product or version of a product has reached the end of usefulness in the eyes of the vendor. Print 3D was deprecated along with Windows 10 version 1903<\/a>.<\/p>\n

Microsoft has confirmed that it will not release a patch to fix the vulnerability and that customers should update to the 3D Builder app.<\/p>\n

Other vendors<\/h2>\n

Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.<\/p>\n

Adobe published security updates<\/a> for several of its products.<\/p>\n

Apple released information about the new security content of macOS Ventura 13.2.1 and of iOS 16.3.1 and iPadOS 16.3.1<\/a>.<\/p>\n

Atlassian published a FAQ<\/a> for CVE-2023-22501<\/a>, an authentication vulnerability in Jira Service Management Server and Data Center.<\/p>\n

Cisco released security updates<\/a> for several of its products.<\/p>\n

Citrix has released security updates to address high-severity vulnerabilities (CVE-2023-24486<\/a>, CVE-2023-24484, CVE-2023-24485<\/a>, and CVE-2023-24483<\/a>) in Citrix Workspace Apps, Virtual Apps and Desktops.<\/p>\n

Google released security updates<\/a> for Pixel.<\/p>\n

Mozilla has released security advisories for Firefox 110<\/a> and Firefox ESR 102.8<\/a>.<\/p>\n

Forta released a security update for the actively exploited GoAnywhere MFT<\/a> zero-day flaw.<\/p>\n

OpenSSH released details<\/a> about version 9.2 which patches CVE-2023-25136<\/a>.<\/p>\n

SAP has released its February 2023 Patch Day updates<\/a>.<\/p>\n

\n

We don’t just report on vulnerabilities—we identify them, and prioritize action.<\/strong><\/p>\n

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"\n\n
\n

Categories: Exploits and vulnerabilities<\/a><\/p>\n

Categories: News<\/a><\/p>\n

Tags: patch Tuesday<\/p>\n

Tags: Microsoft<\/p>\n

Tags: Apple<\/p>\n

Tags: Adobe<\/p>\n

Tags: SAP<\/p>\n

Tags: Citrix<\/p>\n

Tags: Cisco<\/p>\n

Tags: Atlassian<\/p>\n

Tags: Google<\/p>\n

Tags: Mozilla<\/p>\n

Tags: Forta<\/p>\n

Tags: OpenSSH<\/p>\n

Tags: CVE-2023-21823<\/p>\n

Tags: CVE-2023-21715<\/p>\n

Tags: OneNote<\/p>\n

Tags: CVE-2023-23376<\/p>\n

Tags: CVE-2023-21706<\/p>\n

Tags: CVE-2023-21707<\/p>\n

Tags: CVE-2023-21529<\/p>\n

Tags: CVE-2023-21716<\/p>\n

Tags: CVE-2023-23378<\/p>\n

Tags: CVE-2023-22501<\/p>\n

Tags: CVE-2023-24486<\/p>\n

Tags: CVE-2023-24484<\/p>\n

Tags: CVE-2023-24484<\/p>\n

Tags: CVE-2023-24483<\/p>\n

Tags: CVE-2023-25136<\/p>\n

Tags: GoAnywhere<\/p>\n

Microsoft has released updates to patch three zero-days and lots of other vulnerabilities and so have several other vendors<\/p>\n\n\n
\n

(Read more…<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n

The post Update now! February’s Patch Tuesday tackles three zero-days<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11414,2211,26411,11560,20352,28621,28622,28623,28624,28625,28626,28663,28627,28662,28666,28665,28664,28667,22783,28660,28588,1670,10516,13271,32,28518,28661,19245,21748],"class_list":["post-21254","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-adobe","tag-apple","tag-atlassian","tag-cisco","tag-citrix","tag-cve-2023-21529","tag-cve-2023-21706","tag-cve-2023-21707","tag-cve-2023-21715","tag-cve-2023-21716","tag-cve-2023-21823","tag-cve-2023-22501","tag-cve-2023-23376","tag-cve-2023-23378","tag-cve-2023-24483","tag-cve-2023-24484","tag-cve-2023-24486","tag-cve-2023-25136","tag-exploits-and-vulnerabilities","tag-forta","tag-goanywhere","tag-google","tag-microsoft","tag-mozilla","tag-news","tag-onenote","tag-openssh","tag-patch-tuesday","tag-sap"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=21254"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21254\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=21254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=21254"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=21254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}