State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

Critical Patches Issued for Microsoft Products February 14, 2023

NJCCIC Advisory

Original Release Date: 2/15/2023

This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals.

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.

Threat Intelligence

Three zero-day vulnerabilities addressed in this advisory were reported by Microsoft, all three have been exploited in the wild.

  • CVE-2023-21823 - Windows Graphics Component Remote Code Execution is a Remote Code Execution vulnerability that can lead to an attacker executing code in an elevated context.
  • CVE-2023-21715 - Microsoft Publisher Security Features Bypass allows an attacker to avoid policies that disallow the execution of macros from untrusted files.
  • CVE-2023-23376 - Windows Common Log File System Driver Elevation of Privilege allows an attacker to gain SYSTEM level privileges.

Systems Affected

  • .NET and Visual Studio
  • .NET Framework
  • 3D Builder
  • Azure App Service
  • Azure Data Box Gateway
  • Azure DevOps
  • Azure Machine Learning
  • HoloLens
  • Internet Storage Name Service
  • Microsoft Defender for Endpoint
  • Microsoft Defender for IoT
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office OneNote
  • Microsoft Office Publisher
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft PostScript Printer Driver
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows Codecs Library
  • Power BI
  • SQL Server
  • Visual Studio
  • Windows Active Directory
  • Windows ALPC
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows Distributed File System (DFS)
  • Windows Fax and Scan Service
  • Windows HTTP.sys
  • Windows Installer
  • Windows iSCSI
  • Windows Kerberos
  • Windows MSHTML Platform
  • Windows ODBC Driver
  • Windows Protected EAP (PEAP)
  • Windows SChannel
  • Windows Win32K

Risk

Government

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses

  • Large and medium business entities: High
  • Small business entities: Medium

Home Users: Low

Technical Summary

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution.

A full list of all vulnerabilities can be found at: https://msrc.microsoft.com/update-guide

Recommendations

  • Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services, and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
  • Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources.
  • Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior.

References

Microsoft

https://msrc.microsoft.com/update-guide/
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb

HelpNetSecurity

https://www.helpnetsecurity.com/2023/02/14/microsoft-patches-three-exploited-zero-days-cve-2023-21715-cve-2023-23376-cve-2023-21823/

Reporting

The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.

Please do not hesitate to contact the NJCCIC at njccic@cyber.nj.gov with any questions.  Also, for more background on our recent cybersecurity efforts, please visit cyber.nj.gov.
 

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.