Microsoft’s February security update for multiple high-risk product vulnerabilities

Microsoft’s February security update for multiple high-risk product vulnerabilities

February 20, 2023 | NSFOCUS

Overview

On February 15, NSFOCUS CERT monitored that Microsoft had released a security update patch for February, which fixed 75 security issues, involving widely-used products such as Microsoft Exchange Server, Microsoft Word, Windows Graphics Component, Microsoft Publisher, etc., including high-risk vulnerability types such as privilege enhancement and remote code execution.

Among the vulnerabilities fixed in Microsoft’s monthly update this month, there are 9 critical vulnerabilities and 66 important vulnerabilities, including 3 0-day vulnerabilities:

Windows Graphics Component Remote Code Execution Vulnerability (CVE-2023-21823)

Microsoft Publisher security feature bypass vulnerability (CVE-2023-21715)

Windows Universal Log File System Driver Privilege Escalation Vulnerability (CVE-2023-23376)

Relevant users are requested to update the patch for protection as soon as possible. Please refer to the appendix for a complete list of vulnerabilities.

Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb

Key Vulnerabilities

According to the popularity of the product and the importance of the vulnerability, the vulnerability with greater impact is screened out in this update. Relevant users should pay attention to it:

Windows Graphics Component remote code execution vulnerability (CVE-2023-21823):

Because the application in the Graphics Component does not implement the correct security restrictions, local attackers with low privileges can bypass the security restrictions by exploiting this vulnerability, thus upgrading to SYSTEM privileges on the target system without user interaction. At present, it has been detected that the vulnerability has been exploited in the field, and the CVSS score is 7.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823

Microsoft Publisher security feature bypass vulnerability (CVE-2023-21715):

There is a security function bypass vulnerability in Microsoft Publisher. An attacker can attack the target system by inducing users to download and open malicious files from the website. An attacker who successfully exploits this vulnerability can bypass the Office macro policy used to block untrusted or malicious files, thereby allowing macros in malicious Publisher documents to run. At present, it has been detected that the vulnerability has been exploited in the wild, and the CVSS score is 7.3.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715

Windows Universal Log File System Driver Privilege Escalation Vulnerability (CVE-2023-23376):

There is a privilege escalation vulnerability in the Windows Common Log File System driver. Due to the boundary error in the Windows Common Log File System driver, local attackers can trigger memory corruption by running malicious programs, and finally execute arbitrary code with SYSTEM privileges on the target system. At present, it has been detected that the vulnerability has been exploited in the wild, and the CVSS score is 7.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376

Microsoft Protected Extensible Authentication Protocol (PEAP) remote code execution vulnerability (CVE-2023-21689):

Microsoft PEAP has a remote code execution vulnerability (CVE-2023-21689). A remote unauthenticated attacker triggers malicious code when calling the server account context on the network, resulting in the execution of arbitrary code on the target server. The CVSS score is 9.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21689

Microsoft Protected Extensible Authentication Protocol (PEAP) remote code execution vulnerability (CVE-2023-21689/CVE-2023-21690/CVE-2023-21692):

Microsoft PEAP has a remote code execution vulnerability (CVE-2023-21690/CVE-2023-21692). A remote unauthenticated attacker attacks the target server by sending a specially crafted malicious PEAP packet to the target server. An attacker who successfully exploits the vulnerability can execute arbitrary code on the target system. The CVSS score is 9.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21690

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21692

Microsoft Word Remote Code Execution Vulnerability (CVE-2023-21716):

There is a remote code execution vulnerability in Microsoft Word. An attacker can send a malicious email containing RTF payload. When a user is successfully induced to access and open a specially crafted malicious file on the affected system, an attacker without authentication can use this vulnerability to execute arbitrary code on the target system, and the preview pane can also be used as the attack medium of this vulnerability. The CVSS score is 9.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716

Microsoft Exchange Server remote code execution vulnerability (CVE-2023-21707/CVE-2023-21706/CVE-2023-21529):

Microsoft Exchange Server has a remote code execution vulnerability. An authenticated remote attacker triggers malicious code when calling the server account context on the network, resulting in the execution of arbitrary code on the target server. CVSS score is 8.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529

Microsoft SharePoint Server privilege escalation vulnerability (CVE-2023-21717):

Microsoft SharePoint server has a privilege escalation vulnerability. An authenticated attacker with the Manage List privilege can gain access to create a site through this vulnerability, and finally execute arbitrary code on the target server. The CVSS score is 8.8.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717

Scope of Impact

The following are some affected product versions that focus on vulnerabilities. For the scope of other products affected by vulnerabilities, please refer to the official announcement link.

Vulnerability numberAffected product version
CVE-2023-21823Microsoft Office for Android
Microsoft Office for iOS
Microsoft Office for Universal
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
CVE-2023-21715Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
CVE-2023-23376
CVE-2023-21692
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
CVE-2023-21689
CVE-2023-21690
Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation)
CVE-2023-21716SharePoint Server Subscription Edition Language Pack
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft SharePoint Server Subscription Edition
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Word 2016 (32-bit edition)
Microsoft Word 2016 (64-bit edition)
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for Mac
Microsoft Office Online Server
CVE-2023-21707
CVE-2023-21706
CVE-2023-2152  
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12
CVE-2023-21717Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016

Mitigation

Patch update

At present, Microsoft has officially released a security patch to fix the above vulnerabilities for the supported product versions. It is strongly recommended that the affected users install the patch for protection as soon as possible. The official download link:

https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb

Note: Due to network problems, computer environment problems and other reasons, the patch update of Windows Update may fail. After installing the patch, users should check whether the patch is successfully updated.

Right-click the Windows icon, select “Settings”, select “Update and Security” – “Windows Update” to view the prompt information on this page, or click “View Update History” to view the historical updates. For updates that have not been successfully installed, you can click the update name to jump to the official download page of Microsoft. It is recommended that users click the link on this page and go to the “Microsoft Update Directory” website to download and install the independent package.

Appendix: Vulnerability List

Impact productsCVE NoVulnerability TitleSeverity
Windows iSCSICVE-2023-21803Windows iSCSI Discovery Service Remote Code Execution VulnerabilityCritical
Microsoft Office WordCVE-2023-21716Microsoft Word Remote Code Execution VulnerabilityCritical
Windows Protected EAP (PEAP)CVE-2023-21692Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution VulnerabilityCritical
Windows Protected EAP (PEAP)CVE-2023-21690Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution VulnerabilityCritical
Windows Protected EAP (PEAP)CVE-2023-21689Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution VulnerabilityCritical
Visual StudioCVE-2023-21815Visual Studio Remote Code Execution VulnerabilityCritical
Visual StudioCVE-2023-23381Visual Studio Remote Code Execution VulnerabilityCritical
.NET and Visual StudioCVE-2023-21808. NET and Visual Studio Remote Code Execution VulnerabilityCritical
SQL ServerCVE-2023-21718Microsoft SQL ODBC Driver Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2023-21823Windows Graphics Component Remote Code Execution VulnerabilityImportant
Microsoft Office PublisherCVE-2023-21715Microsoft Publisher Security Feature Bypass VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-23376Windows Universal Log File System Driver Privilege Escalation VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-21707Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-21706Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-21529Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2023-21717Microsoft SharePoint Server Privilege Escalation VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-21684Microsoft PostScript Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2023-21686Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2023-21685Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2023-21799Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-21713Microsoft SQL Server Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-21705Microsoft SQL Server Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2023-21797Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Windows ODBC DriverCVE-2023-21798Microsoft ODBC Driver Remote Code Execution VulnerabilityImportant
Azure App ServiceCVE-2023-21777Azure App Service on Azure Stack Hub Privilege Escalation VulnerabilityImportant
Microsoft DynamicsCVE-2023-21778Microsoft Dynamics Unified Service Desk Remote Code Execution VulnerabilityImportant
Power BICVE-2023-21806Power BI Report Server Spoofing VulnerabilityImportant
3D BuilderCVE-2023-233903D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-233773D Builder Remote Code Execution VulnerabilityImportant
3D BuilderCVE-2023-23378Print 3D Remote Code Execution VulnerabilityImportant
Microsoft Defender for EndpointCVE-2023-21809Microsoft Defender for Endpoint Security Feature Bypass VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-21804Windows Graphics Component Privilege Escalation VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-21801Microsoft PostScript Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-21802Windows Media Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-21528Microsoft SQL Server Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-21704Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2023-21566Visual Studio Privilege Escalation VulnerabilityImportant
Windows ALPCCVE-2023-21688NT operating system kernel privilege escalation vulnerabilityImportant
Windows InstallerCVE-2023-21800Windows Installer Privilege Escalation VulnerabilityImportant
Windows KerberosCVE-2023-21817Windows Kerberos Privilege Escalation VulnerabilityImportant
Windows MSHTML PlatformCVE-2023-21805Windows MSHTML Platform Remote Code Execution VulnerabilityImportant
Windows Win32KCVE-2023-21822Windows Graphics Component Privilege Escalation VulnerabilityImportant
Azure DevOpsCVE-2023-21553Azure DevOps Server Remote Code Execution VulnerabilityImportant
Windows Active DirectoryCVE-2023-21816Windows Active Directory Domain Services API Denial of Service VulnerabilityImportant
Windows Cryptographic ServicesCVE-2023-21813Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Cryptographic ServicesCVE-2023-21819Windows Secure Channel Denial of Service VulnerabilityImportant
Windows iSCSICVE-2023-21700Windows iSCSI Discovery Service Denial of Service VulnerabilityImportant
Windows iSCSICVE-2023-21702Windows iSCSI Service Denial of Service VulnerabilityImportant
Windows iSCSICVE-2023-21811Windows iSCSI Service Denial of Service VulnerabilityImportant
Windows Protected EAP (PEAP)CVE-2023-21695Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution VulnerabilityImportant
Windows Protected EAP (PEAP)CVE-2023-21701Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service VulnerabilityImportant
Windows Protected EAP (PEAP)CVE-2023-21691Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure VulnerabilityImportant
Windows SChannelCVE-2023-21818Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Distributed File System (DFS)CVE-2023-21820Windows Distributed File System (DFS) Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-21568Microsoft SQL Server Integration Service (VS extension) Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-21710Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Azure DevOpsCVE-2023-21564Azure DevOps Server Cross-Site Scripting VulnerabilityImportant
Windows Fax and Scan ServiceCVE-2023-21694Windows Fax Service Remote Code Execution VulnerabilityImportant
Azure Data Box GatewayCVE-2023-21703Azure Data Box Gateway Remote Code Execution VulnerabilityImportant
Azure Machine LearningCVE-2023-23382Azure Machine Learning Compute Instance Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2023-21572Microsoft Dynamics 365 (Local) Cross-Site Scripting VulnerabilityImportant
Microsoft Office OneNoteCVE-2023-21721Microsoft OneNote spoofing vulnerabilityImportant
Microsoft Defender for IoTCVE-2023-23379Microsoft Defender for IoT Entitlement Escalation VulnerabilityImportant
Internet Storage Name ServiceCVE-2023-21697Windows Internet Storage Name Service (iSNS) Server Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2023-21807Microsoft Dynamics 365 (Local) Cross-Site Scripting VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-21693Microsoft PostScript Printer Driver Information Disclosure VulnerabilityImportant
Visual StudioCVE-2023-21567Visual Studio Denial of Service VulnerabilityImportant
Microsoft OfficeCVE-2023-21714Microsoft Office Office Information Disclosure VulnerabilityImportant
Windows HTTP.sysCVE-2023-21687HTTP.sys Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2023-21573Microsoft Dynamics 365 (Local) Cross-Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-21571Microsoft Dynamics 365 (Local) Cross-Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-21570Microsoft Dynamics 365 (Local) Cross-Site Scripting VulnerabilityImportant
Internet Storage Name ServiceCVE-2023-21699Windows Internet Storage Name Service (iSNS) Server Information Disclosure VulnerabilityImportant
.NET FrameworkCVE-2023-21722. NET Framework Denial of Service VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-21812Windows Universal Log File System Driver Privilege Escalation VulnerabilityImportant

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.