• Microsoft unveils fixes for more critical security flaws, so patc

    From TechnologyDaily@1337:1/100 to All on Wed Feb 15 14:45:03 2023
    Microsoft unveils fixes for more critical security flaws, so patch now

    Date:
    Wed, 15 Feb 2023 14:33:52 +0000

    Description:
    Microsoft's February Patch Tuesday release is upon us, fixing three zero-days among other things.

    FULL STORY ======================================================================

    Microsoft has released this month's Patch Tuesday security update, fixing a total of 77 flaws including three zero-day vulnerabilities.

    A zero-day is a high-severity vulnerability that a threat actor can leverage for destructive cyberattacks and that still hasn't been patched. Given that this month's patch fixes three such flaws, Microsoft recommends users apply the fix as soon as possible.

    The three zero-days that were fixed are CVE-2023-21823 (Windows Graphics Component remote code execution), CVE-2023-21715 (Microsoft Publisher security features bypass), and CVE-2023-23376 (Windows Common Log File System Driver elevation of privilege vulnerability). These three allowed threat actors to execute code remotely, bypass Office macro policies, or gain system privileges.

    Updates via Microsoft Store

    Microsoft also said that it will be pushing this update out to users through the Microsoft Store, not Windows Update. That means that customers with automatic updates disabled in the Microsoft Store will not get the patch automatically and will instead need to trigger it themselves.

    The company did not detail who, or where, leveraged these flaws to initiate attacks, but it did say exploiting CVE-2023-21715 allows a malicious Publisher document to run without warning the user.

    "The attack itself is carried out locally by a user with authentication to
    the targeted system," the company said. "An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer."

    The February 2023 Patch Tuesday cumulative update addresses a total of nine vulnerabilities classified as critical, which allow for remote code
    execution.

    In total, Microsoft fixed 12 elevation of privilege flaws, two security feature bypass flaws, 38 remote code execution flaws, 8 information disclosure vulnerabilities, 10 denial of service vulnerabilities, and 8 spoofing flaws. Earlier this month, Microsoft released fixes for three additional vulnerabilities found in the Edge browser, which are not part of this update.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-unveils-fixes-for-more-critical-security-flaws-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)