
Post-Patch Tuesday Roundup: February 2023

Welcome to the Softcat Patch Tuesday roundup, where we round up the major patches released over the past month, culminating in Microsoft’s release on Valentine's Day.

Microsoft Patch Tuesday

Microsoft has released its February update, addressing a total of 80 vulnerabilities, nine of which are rated as "Critical." Three "Important" vulnerabilities are already being exploited, including Microsoft Publisher Security Feature Bypass (CVE-2023-21715), Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2023-23376), and Windows Graphics Component Remote Code Execution Vulnerability (CVE-2023-21823).

Microsoft has flagged CVE-2023-23376 as an "Important" elevation of privilege vulnerability in the Windows Common Log File System Driver, which is present in Windows 10 and 11 systems, as well as many server versions of Windows. Although Microsoft has provided little solid information about this privilege escalation vulnerability, it has been noted that exploiting it could allow an attacker to take over a target completely. This could potentially be chained with a remote code execution bug to spread malware or ransomware. Given that this was discovered by Microsoft's Threat Intelligence Center, it is possible that it was used by advanced threat actors. To stay safe, it is important to test and roll out these fixes quickly.

CVE-2023-21715 allows macros to execute despite policies that block them, while patches for CVE-2023-21823 may only be available via the Microsoft Store.

In addition, there are several other vulnerabilities worth noting. CVE-2023-21803 is a Windows iSCSI Discovery Service Remote Code Execution Vulnerability that could be used for lateral movement. While it may not be the most common issue to be patched this month, it is something that could easily be missed. CVE-2023-21716 is a Microsoft Word Remote Code Execution Vulnerability, with a CVSS score of 9.8, which implies that it is not necessary to open the document to trigger the vulnerability. Lastly, Visual Studio is affected by several vulnerabilities, two of which are critical. Attacks against developers are often not well documented but appear to be on the rise.

Adobe

Adobe has released security patches for at least six vulnerabilities that expose users of Windows and macOS to potential hacker attacks. Three of the most popular Adobe software products - Photoshop, Illustrator, and After Effects - are affected. Adobe Illustrator and After Effects patches carry critical severity ratings due to the risk of code execution attacks. The Illustrator vulnerability is a buffer overflow issue that leads to arbitrary code execution, and the After Effects vulnerabilities expose users to code execution attacks. Adobe also released a patch for an important-severity flaw in its flagship software, Adobe Photoshop. The company was not aware of any exploits in the wild for any of the flaws patched this month.

Citrix

Also high on the list for attention this month is a set of updates for admins of Citrix technologies, across its Workspace Apps, Virtual Apps, and Desktops. The security updates address vulnerabilities - CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483 - that are considered high-severity and can be exploited by a local user to take control of an affected system. Citrix's security bulletins CTX477618, CTX477617, and CTX477616 provide further details on the vulnerabilities and the necessary updates.

Apple

Last but not least this month is the roundup of Apple security releases with vulnerabilities addressed across iOS, iPadOS and macOS. There are already reports of a zero-day vulnerability being exploited in the wild, hence the emergency update. Discovered by an anonymous researcher, the zero-day vulnerability, tracked as CVE-2023-23529, is a WebKit confusion issue that allows attackers to execute arbitrary code on devices after users navigate to a malicious website. In response, Apple released iOS 16.3.1, iPadOS 16.3.1, and macOS 13.2.1 to patch the flaw and protect vulnerable devices.