
Microsoft Monthly Security Update (February 2023)

Last Update Date: 7 Mar 2023

Release Date: 15 Feb 2023

RISK: Extremely High Risk

TYPE: Operating Systems - Windows OS


[Updated on 2023-03-07] 

Proof of Concept exploit code is publicly available for CVE-2023-21716, affecting Microsoft Word. The vulnerability could be exploited when a malicious RTF document is previewed, allowing arbitrary code execution after memory corruption.

 

Microsoft has released its monthly security update for the following products:

 

| Vulnerable Product | Risk Level | Impacts | Notes |
|---|---|---|---|
| SQL Server | Medium Risk | Remote Code Execution, Spoofing | |
| Windows | Extremely High Risk | Remote Code Execution, Elevation of Privilege, Denial of Service, Information Disclosure | Exploit in the wild: CVE-2023-21823, CVE-2023-23376 |
| Extended Security Updates (ESU) | Extremely High Risk | Remote Code Execution, Elevation of Privilege, Denial of Service, Information Disclosure | Exploit in the wild: CVE-2023-21823, CVE-2023-23376 |
| Azure | Medium Risk | Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing | |
| Microsoft Dynamics | Medium Risk | Remote Code Execution, Spoofing | |
| Browser | Medium Risk | Spoofing, Data Manipulation, Remote Code Execution | |
| Exchange Server | Medium Risk | Remote Code Execution | |
| Microsoft Office | Extremely High Risk | Spoofing, Remote Code Execution, Elevation of Privilege, Information Disclosure, Security Restriction Bypass | Exploit in the wild: CVE-2023-21823, CVE-2023-21715. Proof of Concept exploit code is publicly available for CVE-2023-21716 |
| Developer Tools | Medium Risk | Elevation of Privilege, Denial of Service, Remote Code Execution | |
| Apps | Medium Risk | Remote Code Execution | |
| System Center | Medium Risk | Elevation of Privilege, Security Restriction Bypass | |
| Device | Medium Risk | Information Disclosure | |

 

Number of 'Extremely High Risk' product(s): 3

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 9

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Extremely High Risk


Impact

  • Denial of Service
  • Remote Code Execution
  • Spoofing
  • Elevation of Privilege
  • Information Disclosure
  • Data Manipulation
  • Security Restriction Bypass

System / Technologies affected

  • SQL Server
  • Windows
  • Extended Security Updates (ESU)
  • Azure
  • Microsoft Dynamics
  • Browser
  • Exchange Server
  • Microsoft Office
  • Developer Tools
  • Apps
  • System Center
  • Device

Solutions

Before installing the software, please visit the vendor website for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link