Microsoft's "Patch Tuesday" security update, which coincides with Valentine's Day on 14 February, reportedly fixes 76 vulnerabilities, including 7 critical cases and 3 zero-day threats that have been confirmed to be exploited in the wild. Two of the three zero-day threats directly affect users of Windows 10 and 11 and most versions of Windows Server since 2008, while the third affects users of Microsoft Publisher and, if successfully exploited, could lead to a computer takeover.
The patched vulnerabilities are sophisticated in nature, with subtle characteristics. They include:
CVE-2023-21823 is a zero-day Windows Remote Code Execution vulnerability that could allow an attacker to run code on the victim's machine without logging on. Exploiting this remote code execution vulnerability gives the attacker system privileges, and it is relatively easy to exploit.
CVE-2023-23376 is a Windows privilege escalation zero-day threat that allows an attacker with normal user access privileges to elevate to system level. Like CVE-2023-21823, it is easy to exploit and uses local vectors that require only low-level access and no user interaction.
CVE-2023-21715 is a zero-day vulnerability in Microsoft Publisher that allows an attacker to bypass security features designed to block malicious files. Attackers use social engineering tactics to trick the victim into downloading these malicious files from a website.
Similar threats such as CVE-2023-21808, CVE-2023-21815, CVE-2023-23381, CVE-2023-21718, CVE-2023-21716, CVE-2023-21803, and CVE-2023-21692 are also sophisticated and require the victim to trigger their execution either by downloading, connecting, or clicking on the infected code page.
Microsoft's security guidance urges users of its products to enforce a Microsoft Office file blocking policy, keep track of Windows security updates, and apply them as soon as possible to ensure complete protection against exploited zero-day and other critical-rated threats.