Home > Security Bulletins > Microsoft Patch Tuesday – February 2023

Microsoft Patch Tuesday – February 2023

Microsoft Patch Tuesday – 77 patches this month

Microsoft Patch Tuesday

This month’s Patch Tuesday has security updates to fix three actively exploited zero-days and a total of 77 fixes.
Fixes for multiple products were released as usual – including nine Critical severity vulnerabilities, which allow Remote Code Execution on vulnerable devices.

The most important patches are:

CVE-2023-21823 – Remote Code Execution vulnerability in the Windows Graphics Component. An attack exploiting this vulnerability can execute commands with SYSTEM account privileges. CVSS 3.1: 7.8 (High)

CVE-2023-21715 – Microsoft Publisher Security Features Bypass. An attack exploiting this vulnerability would allows macros in a malicious Publisher document to run without warning the user. CVSS 3.1: 7.3 (High)

CVE-2023-23376 – Privilege Escalation vulnerability in the Windows Common Log File System Driver. An active exploiting this vulnerability allows an attacker to gain SYSTEM account privileges. CVSS 3.1: 7.8 (High)

The 77 patches this month break down as follows:

  • 38 Remote Code Execution
  • 12 Privilege Escalation
  • 10 Denial of Service
  • 8 Information Disclosure
  • 8 Spoofing
  • 2 Security Feature Bypass

Affected Products

  • .NET and Visual Studio
  • .NET Framework
  • 3D Builder
  • Azure App Service
  • Azure Data Box Gateway
  • Azure DevOps
  • Azure Machine Learning
  • HoloLens
  • Internet Storage Name Service
  • Microsoft Defender for Endpoint
  • Microsoft Defender for IoT
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office OneNote
  • Microsoft Office Publisher
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft PostScript Printer Driver
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows Codecs Library
  • Power BI
  • SQL Server
  • Visual Studio
  • Windows Active Directory
  • Windows ALPC
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows Distributed File System (DFS)
  • Windows Fax and Scan Service
  • Windows HTTP.sys
  • Windows Installer
  • Windows iSCSI
  • Windows Kerberos
  • Windows MSHTML Platform
  • Windows ODBC Driver
  • Windows Protected EAP (PEAP)
  • Windows SChannel
  • Windows Win32K