Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Microsoft Patch Tuesday, February 2023 patches 75 vulnerabilities including three zero-day vulnerabilities 9 critical, 66 important)
Image
Gepubliceerd : 15/02/2023
Reference:
Advisory #Advisory #2023-18
Version:
1.0
Affected software:
.NET and Visual Studio
.NET Framework
3D Builder
Azure App Service
Azure DevOps
Azure Machine Learning
HoloLens
Internet Storage Name Service
Microsoft Defender for Endpoint
Microsoft Defender for IoT
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Office
Microsoft Office OneNote
Microsoft Office Publisher
Microsoft Office SharePoint
Microsoft Office Word
Microsoft PostScript Printer Driver
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows Codecs Library
Power BI
SQL Server
Visual Studio
Windows Active Directory
Windows ALPC
Windows Common Log File System Driver
Windows Cryptographic Services
Windows Distributed File System (DFS)
Windows Fax and Scan Service
Windows HTTP.sys
Windows Installer
Windows iSCSI
Windows Kerberos
Windows MSHTML Platform
Windows ODBC Driver
Windows Protected EAP (PEAP)
Windows SChannel
Windows Win32K
Type:
Several types, ranging from denial of service to privilege escalation and remote code execution.
CVE/CVSS:
Microsoft Patch Tuesday, February 2023 patches 75 vulnerabilities including three zero-day vulnerabilities 9 critical, 66 important)Number of CVE by type:
- 12 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 36 Remote Code Execution Vulnerabilities
- 7 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 8 Spoofing Vulnerabilities
Sources
Microsoft MSRC - https://msrc.microsoft.com/update-guide/releaseNote/2023
Risks
This month’s Patch Tuesday includes 9 critical and 66 important vulnerabilities for a wide range of Microsoft products and technologies. Microsoft reports three vulnerabilities as zero-day vulnerabilities that are actively exploited: CVE-2023-21715 (Microsoft Publisher Security Features Bypass Vulnerability), CVE-2023-21823 (Windows Graphics Component Remote Code Execution), and CVE-2023-23376 (Windows Common Log File System Driver Elevation of Privilege Vulnerability).
Microsoft fixed a critical issue in Microsoft Word (CVE-2023-21716) which allows an attacker to craft an email RTF payload that executes commands in the application used to open the malicious file. The payload will execute when viewing the attachment in the preview pane of Microsoft Outlook.
This month's Patch Tuesday includes three vulnerabilities for Microsoft Exchange: CVE 2023 21529, CVE-2023-21706, and CVE-2023-21707. These vulnerabilities are all listed as: "Microsoft Exchange Server Remote Code Execution." Microsoft stated that authentication is required to exploit these vulnerabilities.
Implementing patch management for Microsoft Exchange servers is highly recommended. Microsoft Exchange servers are high-value targets for threat actors. The CCB warned its constituency multiple times in the last two years for actively exploited vulnerabilities targeting Microsoft Exchange server.
- March 2021: [ProxyLogon](https://cert.be/en/multiple-critical-vulnerabilities-microsoft-exchange)
- August 2021: [ProxyShell](https://cert.be/en/microsoft-exchange-servers-actively-scanned-proxyshell-vulnerability)
- November 2022: [ProxyNotShell](https://cert.be/en/two-zero-day-vulnerabilities-microsoft-exchange-server-dubbed-proxynotshell-pose-risk-remote-code)
- December 2022: [OWASSRF](https://cert.be/en/warning-ransomware-actors-are-actively-exploiting-new-exploit-method-dubbed-owassrf-patch)
- January 2023: [January 2023 Patch Tuesday](https://cert.be/en/warning-microsoft-patch-tuesday-january-2023-patches-98-vulnerabilities-including-one-zero-day)
Description
CVE-2023-21715 - Microsoft Publisher Security Features Bypass Vulnerability
A zero-day vulnerability in Microsoft Publisher allows malicious macros to execute without warning the user. This vulnerability bypasses Office macro restrictions that block untrusted or malicious files.
This vulnerability could be exploited by an attacker by tricking a user into opening a malicious publisher file. This vulnerability is actively exploited according to Microsoft.
CVE-2023-21823 - Windows Graphics Component Remote Code Execution Vulnerability
This zero-day vulnerability allows an attacker to execute commands using SYSTEM level privileges. This vulnerability is actively exploited according to Microsoft.
NOTE: This update is delivered through the Microsoft Store instead of Windows Update. If you have disabled the Microsoft Store, this update will not be automatically installed.
CVE-2023-23376 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
This zero-day vulnerability allows an attacker to gain SYSTEM privileges. This vulnerability is actively exploited according to Microsoft.
CVE-2023-21716 - Microsoft Word Remote Code Execution Vulnerability
A vulnerability in Microsoft Word which allows an attacker to craft an email RTF payload that executes commands in the application used to open the malicious file. The payload will execute when viewing the attachment in the preview pane of Microsoft Outlook.
CVE-2023-21529 / CVE-2023-21706 / CVE-2023-21707 - Microsoft Exchange Server Remote Code Execution Vulnerability
These vulnerabilities allow a remote authenticated attacker to perform remote code execution through a network call. Authenticated attacks on Exchange servers are aften exploited using phished or leaked credentials.
Recommended Actions
The Centre for Cyber Security Belgium strongly recommends Windows system administrators to install updates for vulnerable systems with the highest priority, after thorough testing.References
Bleeping Computer - https://www.bleepingcomputer.com/news/microsoft/microsoft- february-2023-patch-tuesday-fixes-3-exploited-zero-days-77-flaws/
Krebs on security - https://krebsonsecurity.com/2023/02/microsoft-patch-tuesday- february-2023-edition/
Tenable - https://www.tenable.com/blog/microsofts-february-2023-patch- tuesday-addresses-75-cves-cve-2023