Seeing as today is the second Tuesday of the month, that means it’s Patch Tuesday, the monthly ritual where you install all the latest patches from Microsoft to protect yourself from getting pwned by hackers. And according to Bleeping Computer, the number and criticality of the fixes go something like this:
Today is Microsoft’s February 2023 Patch Tuesday, and security updates fix three actively exploited zero-day vulnerabilities and a total of 77 flaws.
Nine vulnerabilities have been classified as ‘Critical’ as they allow remote code execution on vulnerable devices.
The three actively exploited zero-day vulnerabilities are eye-opening. But the nine critical flaws among the total of 77 should warrant your attention as well. To help you prioritize which ones to focus on (though if it were me I would focus on all of them, but you might be in an environment where that isn’t possible), I have this comment from Dor Segal, Senior Security Researcher, Silverfort:
“Security teams should be aware of a group of six vulnerabilities in Protected Extensible Authentication Protocol (PEAP). An authentication protocol used by organizations to secure wireless and point-to-point connections, PEAP plays a key role in ensuring the legitimacy of machines requesting access to a wireless network.
Three of these (CVE-2023-21689, CVE-2023-21690, CVE-2023-21692) score highly, ranking as critical vulnerabilities with a score of 9.8. When exploited by a threat actor in an environment running NPS, it will allow them to control machines and endpoints remotely and execute malicious code inside a target environment.
Another potential concern with a high score of 8.8 is CVE-2023-21529, targeting Microsoft Exchange Server. With access to user credentials, attackers could use this vulnerability to gain an initial foothold before pivoting into more critical areas of the environment. As well as applying the suggested mitigations, security teams should also apply MFA to all Exchange endpoints.
Being actively exploited in the wild, CVE-2023-21715 allows attackers to bypass Microsoft Office security protections blocking malicious macros. Exploiting this vulnerability requires social engineering a target user into opening an Office attachment. While a prompt still appears – if the user allows the file to run – a threat actor can use malicious macros to execute code remotely. Alongside patching, security teams need to reinforce the need for users to be aware of opening files from unexpected sources.”
All of this is good advice that I hope those who are responsible for protecting their IT infrastructure take seriously.