Microsoft announced security upgrades on 15th February 2023 to address 75 vulnerabilities across its product range, of which three have been exploited in the wild.

The upgrades are in addition to the 22 vulnerabilities that Microsoft has fixed in its Chromium-based Edge browser during the previous month.

Nine of the 75 vulnerabilities are rated Critical, while 66 are rated Important. 37 out of 75 defects are remote code execution (RCE) vulnerabilities. The three noteworthy zero-day vulnerabilities that have been exploited are as follows:

CVE-2023-21715 (CVSS score: 7.3) (CVSS score: 7.3) – Microsoft Office Security Function Bypass Flaw
CVE-2023-21823 (CVSS score: 7.8) (CVSS score: 7.8) Windows Graphics Component Privilege Elevation Vulnerability
CVE-2023-23376 (CVSS score: 7.8) (CVSS score: 7.8) – Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability in Microsoft Windows
Microsoft stated in their advisory for CVE-2023-21715 that “the actual attack is carried out locally by a person having authentication to the targeted system.”

“An authenticated attacker could exploit the vulnerability by socially engineering a victim into downloading and opening a specially constructed file from a website, leading to a local attack on the victim’s PC.”

A successful exploit of the vulnerabilities listed above could allow an adversary to circumvent Office macro policies designed to block untrusted or malicious files or gain SYSTEM rights.

CVE-2023-23376 is also the third actively exploited zero-day vulnerability in the CLFS component, following CVE-2022-24521 and CVE-2022-37969 (CVSS scores: 7.8), which Microsoft fixed in April 2022 and September 2022, respectively.

It is a crucial component of the Windows operating system, and any flaws in this driver could have serious effects on the system’s security and dependability.

Notably, Microsoft OneNote for Android is susceptible to CVE-2023-21823, and as the note-taking application increasingly becomes a vector for transmitting malware, it’s imperative that users implement the updates.

Microsoft also addresses various RCE vulnerabilities in Exchange Server, ODBC Driver, PostScript Printer Driver, and SQL Server, as well as denial-of-service (DoS) vulnerabilities affecting Windows iSCSI Service and Windows Secure Channel.

The business classifies three Exchange Server vulnerabilities as “Exploitation More Likely,” however effective exploitation requires the attacker to be already authenticated.

In recent years, Exchange servers have proven to be high-value targets, as they can facilitate unauthorized access to sensitive information and Business Email Compromise (BEC) attacks.