Microsoft's official Security Update Guide web pages are not for the faint of heart.
They have most of the information you need, if not all of the information you really want to know, but there are so many ways to view it, and so many pages generated on the fly to display it, that figuring out what's truly new and what's truly important can be tricky.
Need to search by affected operating system platform?
By severity of the vulnerability? By likelihood of exploitation?
Should zero-days be sorted to the top?
(We don't think you can. We counted 3 zero-days on the list this month, but we had to drill into the individual CVE pages and search for the text "Exploitation Detected" to determine whether a particular bug was already known to cybercriminals.)
Which is worse, EoP or RCE?
Is a Critical elevation of privilege (EoP) bug more important than an Important remote code execution (RCE) bug?
Bugs of the former type require cybercriminals to break in first, but can then provide a way to take full control, usually by granting the equivalent of system administrator privileges or operating-system-level control.
Bugs of the latter type may only give the crooks access rights as lowly as those of a junior user, but they nevertheless get the crooks onto the network in the first place.
Of course, everyone else on the network will breathe a sigh of relief if the attacker doesn't get access to their stuff, but if you're the one who's been attacked, that's cold consolation.
This year's February update arrived on Valentine's Day, and we counted 75 CVE-numbered bugs dated February 14, 2023.
(Actually, we counted 76, but we ignored one bug that had no severity rating and was tagged CVE-2019-15126; it seems to boil down to a report of Broadcom Wi-Fi chips not being supported in Microsoft HoloLens devices. If you have a HoloLens and have advice for other readers, please let us know in the comments below.)
We've extracted a list and included it below, sorted so that the bugs dubbed Critical are at the top (7 of them, all RCE-class bugs).
You can also read the SophosLabs Patch Tuesday analysis for more information.
Security bug class descriptions
If you're not familiar with the bug abbreviations shown below, here's a quick guide to the security flaw classes.
- RCE means remote code execution. An attacker who is not currently logged on to your computer could trick it into running a complete program, or a fragment of program code, as if they had authenticated access. Typically, on a desktop or server, criminals use bugs of this kind to implant code that they can re-run at will later, creating a beachhead from which to launch network-wide attacks. On mobile devices such as phones, crooks can use RCE bugs to leave behind spyware that tracks you from then on, so they don't have to break in again and again to keep their malicious eye on you.
- EoP means elevation of privilege. As mentioned above, this means that crooks can elevate their access, usually gaining the same kind of privileges that official system administrators, or the operating system itself, would usually enjoy. Once they have system-level privileges, they can roam freely on the network, steal sensitive files even from restricted-access servers, create hidden user accounts so they can get back in later, or unleash ransomware attacks.
- Leak means that security-related or personal data can leave secure storage. Sometimes even an apparently minor leak, such as the location in memory of certain operating system code that an attacker isn't supposed to be able to predict, can give criminals the information they need to turn a probably-unsuccessful attack into an almost-certain success.
- Bypass means that a security safeguard you would normally expect to keep you safe can be skipped. Crooks typically use bypass vulnerabilities to trick you into trusting remote content such as email attachments, for example by finding a way to avoid the "content warnings" or to sidestep the malware detection that should be keeping you safe.
- Spoof means that content can be made to look more believable than it really is. For example, an attacker who lures a user to a fake website that shows up in the browser with an official-looking server name in the address bar (or in something that looks like the address bar) is much more likely to trick the user into handing over personal data than if they had to put their fake content on a site that was obviously different from what you expected.
- DoS means denial of service. Bugs that can temporarily take a network or server service offline are often considered low-grade flaws, on the assumption that they don't help an attacker break in, steal data, or access anything they shouldn't. However, an attacker who can reliably take down part of your network can do so repeatedly in a coordinated way, for example by timing the DoS probe to fire every time the crashed server restarts. This can be extremely disruptive, especially if you run an online business, and can also be used by crooks as a distraction from other illicit activities they are carrying out on your network at the same time.
Big bug list
The list of 75 bugs follows; the 3 zero-days we know about are marked with an asterisk.
NIST ID           Level        Type     Component affected
---------------   -----------  -------  ----------------------------------------
CVE-2023-21689:   (Critical)   RCE      Windows Protected EAP (PEAP)
CVE-2023-21690:   (Critical)   RCE      Windows Protected EAP (PEAP)
CVE-2023-21692:   (Critical)   RCE      Windows Protected EAP (PEAP)
CVE-2023-21716:   (Critical)   RCE      Microsoft Office Word
CVE-2023-21803:   (Critical)   RCE      Windows iSCSI
CVE-2023-21815:   (Critical)   RCE      Visual Studio
CVE-2023-23381:   (Critical)   RCE      Visual Studio
CVE-2023-21528:   (Important)  RCE      SQL Server
CVE-2023-21529:   (Important)  RCE      Microsoft Exchange Server
CVE-2023-21568:   (Important)  RCE      SQL Server
CVE-2023-21684:   (Important)  RCE      Microsoft PostScript Printer Driver
CVE-2023-21685:   (Important)  RCE      Microsoft WDAC OLE DB provider for SQL
CVE-2023-21686:   (Important)  RCE      Microsoft WDAC OLE DB provider for SQL
CVE-2023-21694:   (Important)  RCE      Windows Fax and Scan Service
CVE-2023-21695:   (Important)  RCE      Windows Protected EAP (PEAP)
CVE-2023-21703:   (Important)  RCE      Azure Data Box Gateway
CVE-2023-21704:   (Important)  RCE      SQL Server
CVE-2023-21705:   (Important)  RCE      SQL Server
CVE-2023-21706:   (Important)  RCE      Microsoft Exchange Server
CVE-2023-21707:   (Important)  RCE      Microsoft Exchange Server
CVE-2023-21710:   (Important)  RCE      Microsoft Exchange Server
CVE-2023-21713:   (Important)  RCE      SQL Server
CVE-2023-21718:   (Important)  RCE      SQL Server
CVE-2023-21778:   (Important)  RCE      Microsoft Dynamics
CVE-2023-21797:   (Important)  RCE      Windows ODBC Driver
CVE-2023-21798:   (Important)  RCE      Windows ODBC Driver
CVE-2023-21799:   (Important)  RCE      Microsoft WDAC OLE DB provider for SQL
CVE-2023-21801:   (Important)  RCE      Microsoft PostScript Printer Driver
CVE-2023-21802:   (Important)  RCE      Microsoft Windows Codecs Library
CVE-2023-21805:   (Important)  RCE      Windows MSHTML Platform
CVE-2023-21808:   (Important)  RCE      .NET and Visual Studio
CVE-2023-21820:   (Important)  RCE      Windows Distributed File System (DFS)
CVE-2023-21823:   (Important)  *RCE     Microsoft Graphics Component
CVE-2023-23377:   (Important)  RCE      3D Builder
CVE-2023-23378:   (Important)  RCE      3D Builder
CVE-2023-23390:   (Important)  RCE      3D Builder
CVE-2023-21566:   (Important)  EoP      Visual Studio
CVE-2023-21688:   (Important)  EoP      Windows ALPC
CVE-2023-21717:   (Important)  EoP      Microsoft Office SharePoint
CVE-2023-21777:   (Important)  EoP      Azure App Service
CVE-2023-21800:   (Important)  EoP      Windows Installer
CVE-2023-21804:   (Important)  EoP      Microsoft Graphics Component
CVE-2023-21812:   (Important)  EoP      Windows Common Log File System Driver
CVE-2023-21817:   (Important)  EoP      Windows Kerberos
CVE-2023-21822:   (Important)  EoP      Windows Win32K
CVE-2023-23376:   (Important)  *EoP     Windows Common Log File System Driver
CVE-2023-23379:   (Important)  EoP      Microsoft Defender for IoT
CVE-2023-21687:   (Important)  Leak     Windows HTTP.sys
CVE-2023-21691:   (Important)  Leak     Windows Protected EAP (PEAP)
CVE-2023-21693:   (Important)  Leak     Microsoft PostScript Printer Driver
CVE-2023-21697:   (Important)  Leak     Internet Storage Name Service
CVE-2023-21699:   (Important)  Leak     Internet Storage Name Service
CVE-2023-21714:   (Important)  Leak     Microsoft Office
CVE-2023-23382:   (Important)  Leak     Azure Machine Learning
CVE-2023-21715:   (Important)  *Bypass  Microsoft Office Publisher
CVE-2023-21809:   (Important)  Bypass   Microsoft Defender for Endpoint
CVE-2023-21564:   (Important)  Spoof    Azure DevOps
CVE-2023-21570:   (Important)  Spoof    Microsoft Dynamics
CVE-2023-21571:   (Important)  Spoof    Microsoft Dynamics
CVE-2023-21572:   (Important)  Spoof    Microsoft Dynamics
CVE-2023-21573:   (Important)  Spoof    Microsoft Dynamics
CVE-2023-21721:   (Important)  Spoof    Microsoft Office OneNote
CVE-2023-21806:   (Important)  Spoof    Power BI
CVE-2023-21807:   (Important)  Spoof    Microsoft Dynamics
CVE-2023-21567:   (Important)  DoS      Visual Studio
CVE-2023-21700:   (Important)  DoS      Windows iSCSI
CVE-2023-21701:   (Important)  DoS      Windows Protected EAP (PEAP)
CVE-2023-21702:   (Important)  DoS      Windows iSCSI
CVE-2023-21722:   (Important)  DoS      .NET Framework
CVE-2023-21811:   (Important)  DoS      Windows iSCSI
CVE-2023-21813:   (Important)  DoS      Windows Cryptographic Services
CVE-2023-21816:   (Important)  DoS      Windows Active Directory
CVE-2023-21818:   (Important)  DoS      Windows SChannel
CVE-2023-21819:   (Important)  DoS      Windows Cryptographic Services
CVE-2023-21553:   (Unknown)    RCE      Azure DevOps
What should I do? Business users like to prioritize patches rather than doing them all at once and hoping nothing breaks. That's why we put the Critical bugs at the top, along with the RCE holes, given that RCEs are usually used by crooks to gain an early foothold.
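As an added example (not part of the original article, and not Microsoft's or Sophos's code), here is a small Python script that parses rows in the same "CVE: (Level) Type Component" shape as the list above and applies the ordering the article argues for: known zero-days (asterisked) first, then Critical before Important, then RCE ahead of EoP and the other classes. The sample rows are excerpted from the list above; the rank tables, the helper names and the component filter are this example's own assumptions, not anything Microsoft's Security Update Guide provides.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of rows excerpted from the list above, in the
# same "CVE: (Level) [*]Type Component" shape. A leading asterisk on the type
# marks a zero-day; "(Unknown )" with a stray space appears in the source too.
SAMPLE_ROWS = """
CVE-2023-21689: (Critical) RCE Windows Protected EAP (PEAP)
CVE-2023-21716: (Critical) RCE Microsoft Office Word
CVE-2023-21528: (Important) RCE SQL Server
CVE-2023-21823: (Important) *RCE Microsoft Graphics Component
CVE-2023-21688: (Important) EoP Windows ALPC
CVE-2023-23376: (Important) *EoP Windows Common Log File System Driver
CVE-2023-21687: (Important) Leak Windows HTTP.sys
CVE-2023-21715: (Important) *Bypass Microsoft Office Publisher
CVE-2023-21564: (Important) Spoof Azure DevOps
CVE-2023-21700: (Important) DoS Windows iSCSI
CVE-2023-21553: (Unknown ) RCE Azure DevOps
"""

ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,}):\s+\((?P<level>\w+)\s*\)\s+"
    r"(?P<zero>\*?)(?P<kind>RCE|EoP|Leak|Bypass|Spoof|DoS)\s+(?P<component>.+?)\s*$"
)

# Assumed ranking, following the article: Critical first, then RCE before EoP
# and the rest. Anything unlisted sorts last.
LEVEL_RANK = {"Critical": 0, "Important": 1, "Unknown": 2}
TYPE_RANK = {"RCE": 0, "EoP": 1, "Leak": 2, "Bypass": 3, "Spoof": 4, "DoS": 5}


@dataclass(frozen=True)
class Bug:
    cve: str
    level: str
    kind: str
    component: str
    zero_day: bool


def parse_rows(text):
    """Parse list rows into Bug records; reject lines that don't match."""
    bugs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        bugs.append(Bug(m["cve"], m["level"], m["kind"], m["component"],
                        m["zero"] == "*"))
    return bugs


def priority_key(bug):
    # Zero-days first (False sorts before True, so negate), then severity,
    # then bug class, then CVE id so the order is stable and reproducible.
    return (not bug.zero_day, LEVEL_RANK.get(bug.level, 99),
            TYPE_RANK.get(bug.kind, 99), bug.cve)


def prioritise(bugs):
    """Return the bugs in patch-first order."""
    return sorted(bugs, key=priority_key)


def summarise(bugs):
    """Counts a patch planner would want at a glance."""
    return {
        "total": len(bugs),
        "zero_days": sum(b.zero_day for b in bugs),
        "by_level": dict(Counter(b.level for b in bugs)),
        "by_type": dict(Counter(b.kind for b in bugs)),
    }


def filter_component(bugs, needle):
    """Case-insensitive substring match on the affected component."""
    needle = needle.lower()
    return [b for b in bugs if needle in b.component.lower()]


if __name__ == "__main__":
    ordered = prioritise(parse_rows(SAMPLE_ROWS))
    for b in ordered:
        flag = "ZERO-DAY " if b.zero_day else ""
        print(f"{b.cve}  {b.level:<9} {b.kind:<6} {flag}{b.component}")
    print(summarise(ordered))
    print([b.cve for b in filter_component(ordered, "devops")])
```

Feeding the full 75-row list through `parse_rows` gives the same sort the article applied by hand, and `filter_component` answers the "search by affected component" question the Security Update Guide makes awkward.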
But all of these bugs should be patched eventually. Notably, now that an update is available, attackers can start "working backwards" by trying to figure out what kind of hole was there before the update came out.
Reverse engineering Windows patches can be time consuming, because Windows is a closed-source operating system, but a patch tells an attacker where to look and what to look for.
The sooner you get ahead (or the sooner you catch up, in the case of zero-day holes, which are bugs that the crooks found first), the less likely you are to be attacked. So even if you don't patch everything at once, we'd say:
Don't procrastinate. Start today!
See the SophosLabs analysis of Patch Tuesday for details.