Overview
On February 15, NSFOCUS CERT detected that Microsoft had released its February security updates, which fix 75 security issues in widely used products such as Microsoft Exchange Server, Microsoft Word, Windows Graphics Component and Microsoft Publisher, including high-risk vulnerability types such as privilege escalation and remote code execution.
Of the vulnerabilities fixed in this month's update, 9 are rated critical and 66 important, including 3 0-day vulnerabilities:
Windows Graphics Component Remote Code Execution Vulnerability (CVE-2023-21823)
Microsoft Publisher security feature bypass vulnerability (CVE-2023-21715)
Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2023-23376)
Affected users should install the patches as soon as possible. See the appendix for the complete list of vulnerabilities.
Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
Key Vulnerabilities
The vulnerabilities below were selected from this update as having the greatest impact, based on how widely the product is deployed and how severe the vulnerability is. Affected users should pay attention to them:
Windows Graphics Component remote code execution vulnerability (CVE-2023-21823):
Because the Graphics Component does not correctly enforce security restrictions, a local attacker with low privileges can exploit this vulnerability to bypass those restrictions and escalate to SYSTEM privileges on the target system without user interaction. The vulnerability has been detected being exploited in the wild, and the CVSS score is 7.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823
Microsoft Publisher security feature bypass vulnerability (CVE-2023-21715):
There is a security feature bypass vulnerability in Microsoft Publisher. An attacker can attack the target system by inducing users to download and open a malicious file from a website. An attacker who successfully exploits this vulnerability can bypass the Office macro policy used to block untrusted or malicious files, thereby allowing macros in a malicious Publisher document to run. The vulnerability has been detected being exploited in the wild, and the CVSS score is 7.3.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715
Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2023-23376):
There is a privilege escalation vulnerability in the Windows Common Log File System driver. Due to a boundary error in the driver, a local attacker can trigger memory corruption by running a malicious program and ultimately execute arbitrary code with SYSTEM privileges on the target system. The vulnerability has been detected being exploited in the wild, and the CVSS score is 7.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376
Microsoft Protected Extensible Authentication Protocol (PEAP) remote code execution vulnerability (CVE-2023-21689):
Microsoft PEAP has a remote code execution vulnerability (CVE-2023-21689). A remote unauthenticated attacker can trigger malicious code in the context of the server account through a network call, resulting in the execution of arbitrary code on the target server. The CVSS score is 9.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21689
Microsoft Protected Extensible Authentication Protocol (PEAP) remote code execution vulnerability (CVE-2023-21690/CVE-2023-21692):
Microsoft PEAP has a remote code execution vulnerability (CVE-2023-21690/CVE-2023-21692). A remote unauthenticated attacker can attack the target server by sending it a specially crafted malicious PEAP packet. An attacker who successfully exploits the vulnerability can execute arbitrary code on the target system. The CVSS score is 9.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21690
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21692
Microsoft Word Remote Code Execution Vulnerability (CVE-2023-21716):
There is a remote code execution vulnerability in Microsoft Word. An attacker can send a malicious email containing an RTF payload. When a user on an affected system is induced to open the specially crafted malicious file, an unauthenticated attacker can use this vulnerability to execute arbitrary code on the target system. The preview pane is also an attack vector for this vulnerability. The CVSS score is 9.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716
Microsoft Exchange Server remote code execution vulnerability (CVE-2023-21707/CVE-2023-21706/CVE-2023-21529):
Microsoft Exchange Server has a remote code execution vulnerability. An authenticated remote attacker can trigger malicious code in the context of the server account through a network call, resulting in the execution of arbitrary code on the target server. The CVSS score is 8.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529
Microsoft SharePoint Server privilege escalation vulnerability (CVE-2023-21717):
Microsoft SharePoint Server has a privilege escalation vulnerability. An authenticated attacker with the Manage List privilege can use this vulnerability to gain access to create a site, and ultimately execute arbitrary code on the target server. The CVSS score is 8.8.
Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717
Scope of Impact
The following are the affected product versions for the key vulnerabilities. For the products affected by the other vulnerabilities, please refer to the official announcement links.
Vulnerability number | Affected product version |
CVE-2023-21823 | Microsoft Office for Android; Microsoft Office for iOS; Microsoft Office for Universal; Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 11 version 21H2 for ARM64-based Systems; Windows 11 version 21H2 for x64-based Systems; Windows 11 Version 22H2 for ARM64-based Systems; Windows 11 Version 22H2 for x64-based Systems; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2012; Windows Server 2012 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 R2 (Server Core installation); Windows Server 2016; Windows Server 2016 (Server Core installation); Windows Server 2019; Windows Server 2019 (Server Core installation); Windows Server 2022; Windows Server 2022 (Server Core installation) |
CVE-2023-21715 | Microsoft 365 Apps for Enterprise for 32-bit Systems; Microsoft 365 Apps for Enterprise for 64-bit Systems |
CVE-2023-23376, CVE-2023-21692 | Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 11 version 21H2 for ARM64-based Systems; Windows 11 version 21H2 for x64-based Systems; Windows 11 Version 22H2 for ARM64-based Systems; Windows 11 Version 22H2 for x64-based Systems; Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2012; Windows Server 2012 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 R2 (Server Core installation); Windows Server 2016; Windows Server 2016 (Server Core installation); Windows Server 2019; Windows Server 2019 (Server Core installation); Windows Server 2022; Windows Server 2022 (Server Core installation) |
CVE-2023-21689, CVE-2023-21690 | Windows 10 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 11 version 21H2 for ARM64-based Systems; Windows 11 version 21H2 for x64-based Systems; Windows 11 Version 22H2 for ARM64-based Systems; Windows 11 Version 22H2 for x64-based Systems; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2012; Windows Server 2012 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 R2 (Server Core installation); Windows Server 2016; Windows Server 2016 (Server Core installation); Windows Server 2019; Windows Server 2019 (Server Core installation); Windows Server 2022; Windows Server 2022 (Server Core installation) |
CVE-2023-21716 | SharePoint Server Subscription Edition Language Pack; Microsoft 365 Apps for Enterprise for 32-bit Systems; Microsoft Office LTSC 2021 for 64-bit editions; Microsoft SharePoint Server Subscription Edition; Microsoft Office LTSC 2021 for 32-bit editions; Microsoft Office LTSC for Mac 2021; Microsoft Word 2013 Service Pack 1 (64-bit editions); Microsoft Word 2013 RT Service Pack 1; Microsoft Word 2013 Service Pack 1 (32-bit editions); Microsoft SharePoint Foundation 2013 Service Pack 1; Microsoft Office Web Apps Server 2013 Service Pack 1; Microsoft Word 2016 (32-bit edition); Microsoft Word 2016 (64-bit edition); Microsoft SharePoint Server 2019; Microsoft SharePoint Enterprise Server 2013 Service Pack 1; Microsoft SharePoint Enterprise Server 2016; Microsoft 365 Apps for Enterprise for 64-bit Systems; Microsoft Office 2019 for Mac; Microsoft Office Online Server |
CVE-2023-21707, CVE-2023-21706, CVE-2023-21529 | Microsoft Exchange Server 2013 Cumulative Update 23; Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 11; Microsoft Exchange Server 2019 Cumulative Update 12 |
CVE-2023-21717 | Microsoft SharePoint Foundation 2013 Service Pack 1; Microsoft SharePoint Server Subscription Edition; Microsoft SharePoint Server 2019; Microsoft SharePoint Enterprise Server 2013 Service Pack 1; Microsoft SharePoint Enterprise Server 2016 |
Mitigation
Patch update
Microsoft has officially released security patches that fix the above vulnerabilities for the supported product versions. Affected users are strongly advised to install the patches as soon as possible. The official download link:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
Note: A patch update through Windows Update may fail because of network problems, problems with the computer environment or other reasons. After installing the patch, users should check whether it was installed successfully.
Right-click the Windows icon, select “Settings”, then select “Update & Security” – “Windows Update” to view the status information on this page, or click “View update history” to view past updates. For an update that was not installed successfully, you can click the update name to go to the official Microsoft download page. It is recommended that users follow the link on that page to the “Microsoft Update Catalog” website and download and install the standalone package.
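The same check can be scripted across hosts. The following is an added example, not code from NSFOCUS or Microsoft: it reads the update history through the Windows Update Agent COM API and reports the most recent installation attempt for each update, flagging any that did not succeed. The `$Since` default is an assumption chosen to cover the month this advisory addresses.

```powershell
# Added example: report Windows Update installation results since a given date
# and flag updates whose most recent installation attempt did not succeed.
param(
    # Assumption: start of the month covered by this advisory; adjust as needed.
    [datetime]$Since = '2023-02-01'
)

# OperationResultCode values defined by the Windows Update Agent API
$resultNames = @{
    0 = 'NotStarted'
    1 = 'InProgress'
    2 = 'Succeeded'
    3 = 'SucceededWithErrors'
    4 = 'Failed'
    5 = 'Aborted'
}

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()

if ($total -eq 0) {
    Write-Warning 'Windows Update history is empty on this host.'
    return
}

# Operation 1 = installation (2 = uninstallation). History dates are in UTC.
$history = $searcher.QueryHistory(0, $total) |
    Where-Object { $_.Operation -eq 1 -and $_.Date -ge $Since.ToUniversalTime() }

# An update may fail and then succeed on retry, so keep only the latest
# attempt for each update title.
$latest = $history |
    Group-Object -Property Title |
    ForEach-Object { $_.Group | Sort-Object Date -Descending | Select-Object -First 1 }

$report = foreach ($entry in $latest) {
    $kb = if ($entry.Title -match 'KB\d+') { $Matches[0] } else { '' }
    [pscustomobject]@{
        DateUtc = $entry.Date
        KB      = $kb
        Result  = $resultNames[[int]$entry.ResultCode]
        HResult = '0x{0:X8}' -f $entry.HResult
        Title   = $entry.Title
    }
}

$report | Sort-Object DateUtc | Format-Table -AutoSize -Wrap

$notInstalled = @($report | Where-Object { $_.Result -ne 'Succeeded' })
if ($notInstalled.Count -gt 0) {
    Write-Warning ("{0} update(s) were not installed successfully: {1}" -f
        $notInstalled.Count, (($notInstalled.KB | Where-Object { $_ }) -join ', '))
    Write-Warning 'Download the standalone package for each from the Microsoft Update Catalog.'
}
else {
    Write-Output "All updates attempted since $($Since.ToShortDateString()) installed successfully."
}
```

An empty report means no installation was attempted in the period, which itself indicates the host has not received the February updates.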
Appendix: Vulnerability List
Affected product | CVE ID | Vulnerability Title | Severity |
Windows iSCSI | CVE-2023-21803 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability | Critical |
Microsoft Office Word | CVE-2023-21716 | Microsoft Word Remote Code Execution Vulnerability | Critical |
Windows Protected EAP (PEAP) | CVE-2023-21692 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical |
Windows Protected EAP (PEAP) | CVE-2023-21690 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical |
Windows Protected EAP (PEAP) | CVE-2023-21689 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Critical |
Visual Studio | CVE-2023-21815 | Visual Studio Remote Code Execution Vulnerability | Critical |
Visual Studio | CVE-2023-23381 | Visual Studio Remote Code Execution Vulnerability | Critical |
.NET and Visual Studio | CVE-2023-21808 | .NET and Visual Studio Remote Code Execution Vulnerability | Critical |
SQL Server | CVE-2023-21718 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2023-21823 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
Microsoft Office Publisher | CVE-2023-21715 | Microsoft Publisher Security Feature Bypass Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-23376 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21707 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21706 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21529 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2023-21717 | Microsoft SharePoint Server Privilege Escalation Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-21684 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-21686 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-21685 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-21799 | Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-21713 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-21705 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
Windows ODBC Driver | CVE-2023-21797 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows ODBC Driver | CVE-2023-21798 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Azure App Service | CVE-2023-21777 | Azure App Service on Azure Stack Hub Privilege Escalation Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21778 | Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | Important |
Power BI | CVE-2023-21806 | Power BI Report Server Spoofing Vulnerability | Important |
3D Builder | CVE-2023-23390 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-23377 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-23378 | Print 3D Remote Code Execution Vulnerability | Important |
Microsoft Defender for Endpoint | CVE-2023-21809 | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-21804 | Windows Graphics Component Privilege Escalation Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-21801 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2023-21802 | Windows Media Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-21528 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-21704 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2023-21566 | Visual Studio Privilege Escalation Vulnerability | Important |
Windows ALPC | CVE-2023-21688 | NT Operating System Kernel Privilege Escalation Vulnerability | Important |
Windows Installer | CVE-2023-21800 | Windows Installer Privilege Escalation Vulnerability | Important |
Windows Kerberos | CVE-2023-21817 | Windows Kerberos Privilege Escalation Vulnerability | Important |
Windows MSHTML Platform | CVE-2023-21805 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
Windows Win32K | CVE-2023-21822 | Windows Graphics Component Privilege Escalation Vulnerability | Important |
Azure DevOps | CVE-2023-21553 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
Windows Active Directory | CVE-2023-21816 | Windows Active Directory Domain Services API Denial of Service Vulnerability | Important |
Windows Cryptographic Services | CVE-2023-21813 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows Cryptographic Services | CVE-2023-21819 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows iSCSI | CVE-2023-21700 | Windows iSCSI Discovery Service Denial of Service Vulnerability | Important |
Windows iSCSI | CVE-2023-21702 | Windows iSCSI Service Denial of Service Vulnerability | Important |
Windows iSCSI | CVE-2023-21811 | Windows iSCSI Service Denial of Service Vulnerability | Important |
Windows Protected EAP (PEAP) | CVE-2023-21695 | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | Important |
Windows Protected EAP (PEAP) | CVE-2023-21701 | Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability | Important |
Windows Protected EAP (PEAP) | CVE-2023-21691 | Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability | Important |
Windows SChannel | CVE-2023-21818 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows Distributed File System (DFS) | CVE-2023-21820 | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-21568 | Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-21710 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Azure DevOps | CVE-2023-21564 | Azure DevOps Server Cross-Site Scripting Vulnerability | Important |
Windows Fax and Scan Service | CVE-2023-21694 | Windows Fax Service Remote Code Execution Vulnerability | Important |
Azure Data Box Gateway | CVE-2023-21703 | Azure Data Box Gateway Remote Code Execution Vulnerability | Important |
Azure Machine Learning | CVE-2023-23382 | Azure Machine Learning Compute Instance Information Disclosure Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21572 | Microsoft Dynamics 365 (Local) Cross-Site Scripting Vulnerability | Important |
Microsoft Office OneNote | CVE-2023-21721 | Microsoft OneNote Spoofing Vulnerability | Important |
Microsoft Defender for IoT | CVE-2023-23379 | Microsoft Defender for IoT Privilege Escalation Vulnerability | Important |
Internet Storage Name Service | CVE-2023-21697 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21807 | Microsoft Dynamics 365 (Local) Cross-Site Scripting Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-21693 | Microsoft PostScript Printer Driver Information Disclosure Vulnerability | Important |
Visual Studio | CVE-2023-21567 | Visual Studio Denial of Service Vulnerability | Important |
Microsoft Office | CVE-2023-21714 | Microsoft Office Information Disclosure Vulnerability | Important |
Windows HTTP.sys | CVE-2023-21687 | HTTP.sys Information Disclosure Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21573 | Microsoft Dynamics 365 (Local) Cross-Site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21571 | Microsoft Dynamics 365 (Local) Cross-Site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-21570 | Microsoft Dynamics 365 (Local) Cross-Site Scripting Vulnerability | Important |
Internet Storage Name Service | CVE-2023-21699 | Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability | Important |
.NET Framework | CVE-2023-21722 | .NET Framework Denial of Service Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-21812 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.