Share this article

Improve this guide

75 CVEs addressed through the 2023 February Patch Tuesday

8 min. read

Updated onFebruary 14, 2023

updated onFebruary 14, 2023

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

Valentine’s Day is upon us, but not everything comes down to flowers and chocolates. There are those who eagerly await Microsoft’s Patch Tuesday rollout/

And, as you know, it’s the second Tuesday of the month, which means that Windows users are looking towards the tech giant in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We have already taken the liberty of providing thedirect download linksfor the cumulative updates released today for Windows 7, 8.1, 10, and 11, but now it’s time to talk CVEs again.

For February, Microsoft released 75 new patches, which is still more than some people were expecting for the second month of 2023.

These software updates address CVEs in:

You probably want to know more on the matter, so let’s dive right into it and see what all the fuss is about this month.

Microsoft released 75 new important security patches

January 2023 was a pretty packed month in terms of security patches, so developers decided to take a breather and release fewer updates.

You might like to know that, out of the 75 new CVEs released, only nine are rated Critical and 66 are rated Important in severity by security experts.

Furthermore, keep in mind that this is one of the largest volumes we’ve seen from Microsoft for a February release in quite some time.

We have to say that it is a bit unusual to see half of the Patch Tuesday release address remote code execution (RCE) bugs.

Remember that none of the new CVEs released this month are listed as publicly known, but there are two bugs listed as being exploited in the wild at the time of release.

That being said, let’s take a closer look at some of the more interesting updates for this month, starting with the bugs under active attack.

Note that there are three CVSS 9.8 bugs in Microsoft’s Protected Extensible Authentication Protocol (PEAP), but it doesn’t seem that this protocol is used much anymore.

Frankly, we find CVSS 9.8 bug in the iSCSI Discovery Service a lot more alarming, as data centers with storage area networks (SANs) should definitely check with their vendors to see if their SAN is impacted by the RCE vulnerability.

Please take into consideration the fact that the bug in SQL would require someone to connect to a malicious SQL server via ODBC.

There are no Print Spooler bugs getting fixed this month, but there are two bugs in the PostScript Printer Driver that could allow an authenticated attacker to take over a system sharing a printer.

Actually, there are quite a few fixes for SQL Server, and exploiting these would require an affected system to connect to a malicious SQL Server, typically through ODBC.

Experts say that, while that seems unlikely, they are worried about the various servicing scenarios between all the available versions of SQL Server.

We also have to mention the bug in Azure Data Box Gateway, which requires high privileges to exploit, but that’s not the case for Azure DevOps Server vulnerability.

To get access, an attacker only needs to have only Run access to the pipeline, but not every pipeline is vulnerable.

Unfortunately, the tech giant doesn’t provide information on how to distinguish the affected and non-affected pipelines.

The Dynamics bug does require authentication, an attacker might be able to call the target’s local files in the Resources directory and execute Windows commands that are outside of the Dynamics application.

There are also a couple of RCE bugs, but they do allow us to remind you the Fax Service is still a thing, so the final RCE bug is the lone Moderate-rated bug this month for Edge (Chromium-based).

Feel free to check each individual CVE and find out more about what it means, how it manifests, and what scenarios can malicious third parties use to exploit them.

Have you found any other issues after installing this month’s security updates? Share your experience with us in the comments section below.

More about the topics:patch tuesday,windows 10 updates

Teodor Nechita

Eager to help those in need, Teodor writes articles daily on subjects regarding Windows, Xbox, and all things tech-related.

When not working, you may usually find him either at the gym or taking a stroll in the park, trying to find inspiration for the next articles he may write.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Teodor Nechita