Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild.

The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month.

Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are classified as remote code execution (RCE) flaws. The three zero-days of note that have been exploited are as follows –

  • CVE-2023-21715 (CVSS score: 7.3) – Microsoft Office Security Feature Bypass Vulnerability

  • CVE-2023-21823 (CVSS score: 7.8) – Windows Graphics Component Elevation of Privilege Vulnerability

  • CVE-2023-23376 (CVSS score: 7.8) – Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability

“The attack itself is carried out locally by a user with authentication to the targeted system,” Microsoft said in an advisory for CVE-2023-21715.

“An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer.”

Successful exploitation of the above flaws could enable an adversary to bypass Office macro policies used to block untrusted or malicious files or gain SYSTEM privileges.

CVE-2023-23376 is also the third actively exploited zero-day flaw in the CLFS component after CVE-2022-24521 and CVE-2022-37969 (CVSS scores: 7.8), which were addressed by Microsoft in April and September 2022.

“The Windows Common Log File System Driver is a component of the Windows operating system that manages and maintains a high-performance, transaction-based log file system,” Immersive Labs’ Nikolas Cemerikic said.

“It is an essential component of the Windows operating system, and any vulnerabilities in this driver could have significant implications for the security and reliability of the system.”

It’s worth noting that Microsoft OneNote for Android is vulnerable to CVE-2023-21823, and with the note-taking service increasingly emerging as a conduit for delivering malware, it’s crucial that users apply the fixes.

Also addressed by Microsoft are multiple RCE defects in Exchange Server, ODBC Driver, PostScript Printer Driver, and SQL Server as well as denial-of-service (DoS) issues impacting Windows iSCSI Service and Windows Secure Channel.

Three of the Exchange Server flaws are classified by the company as “Exploitation More Likely,” although successful exploitation requires the attacker to be already authenticated.

Exchange servers have proven to be high-value targets in recent years as they can enable unauthorized access to sensitive information, or facilitate Business Email Compromise (BEC) attacks.

Software Patches from Other Vendors

Besides Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —

  1. Adobe
  2. AMD
  3. Android
  4. Apple
  5. Atlassian
  6. Cisco
  7. Citrix
  8. Dell
  9. Drupal
  10. F5
  11. GitLab
  12. Google Chrome
  13. HP
  14. IBM
  15. Intel
  16. Juniper Networks
  17. Lenovo
  18. Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
  19. MediaTek
  20. Mozilla Firefox, Firefox ESR, and Thunderbird
  21. NVIDIA
  22. Palo Alto Networks
  23. Qualcomm
  24. Samba
  25. Samsung
  26. SAP
  27. Schneider Electric
  28. Siemens
  29. Sophos
  30. Synology
  31. Trend Micro
  32. VMware
  33. Zoho, and
  34. Zyxel