Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2023.0048 Microsoft Patch Tuesday update for Microsoft Windows for February 2023 15 February 2023 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows Windows Server Operating System: Windows Resolution: Patch/Upgrade CVE Names: CVE-2023-23376 CVE-2023-21823 CVE-2023-21822 CVE-2023-21820 CVE-2023-21819 CVE-2023-21818 CVE-2023-21817 CVE-2023-21816 CVE-2023-21813 CVE-2023-21812 CVE-2023-21811 CVE-2023-21805 CVE-2023-21804 CVE-2023-21803 CVE-2023-21802 CVE-2023-21801 CVE-2023-21799 CVE-2023-21798 CVE-2023-21797 CVE-2023-21702 CVE-2023-21701 CVE-2023-21700 CVE-2023-21699 CVE-2023-21697 CVE-2023-21695 CVE-2023-21694 CVE-2023-21693 CVE-2023-21692 CVE-2023-21691 CVE-2023-21690 CVE-2023-21689 CVE-2023-21688 CVE-2023-21687 CVE-2023-21686 CVE-2023-21685 CVE-2023-21684 Comment: CVSS (Max): 9.8 CVE-2023-21689 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: Microsoft Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H OVERVIEW Microsoft has released its monthly security patch update for the month of February 2023. This update resolves 36 vulnerabilities across the following product(s): [1] Windows 10 Windows 11 Windows 11 version 21H2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server 2022 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2023-21684 Remote Code Execution Important CVE-2023-21685 Remote Code Execution Important CVE-2023-21686 Remote Code Execution Important CVE-2023-21687 Information Disclosure Important CVE-2023-21688 Elevation of Privilege Important CVE-2023-21689 Remote Code Execution Critical CVE-2023-21690 Remote Code Execution Critical CVE-2023-21691 Information Disclosure Important CVE-2023-21692 Remote Code Execution Critical CVE-2023-21693 Information Disclosure Important CVE-2023-21694 Remote Code Execution Important CVE-2023-21695 Remote Code Execution Important CVE-2023-21697 Information Disclosure Important CVE-2023-21699 Information Disclosure Important CVE-2023-21700 Denial of Service Important CVE-2023-21701 Denial of Service Important CVE-2023-21702 Denial of Service Important CVE-2023-21797 Remote Code Execution Important CVE-2023-21798 Remote Code Execution Important CVE-2023-21799 Remote Code Execution Important CVE-2023-21801 Remote Code Execution Important CVE-2023-21802 Remote Code Execution Important CVE-2023-21803 Remote Code Execution Critical CVE-2023-21804 Elevation of Privilege Important CVE-2023-21805 Remote Code Execution Important CVE-2023-21811 Denial of Service Important CVE-2023-21812 Elevation of Privilege Important CVE-2023-21813 Denial of Service Important CVE-2023-21816 Denial of Service Important CVE-2023-21817 Elevation of Privilege Important CVE-2023-21818 Denial of Service Important CVE-2023-21819 Denial of Service Important CVE-2023-21820 Remote Code Execution Important CVE-2023-21822 Elevation of Privilege Important CVE-2023-21823 Elevation of Privilege Important CVE-2023-23376 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB5022834, KB5022835, KB5022836, KB5022838, KB5022840 KB5022842, KB5022845, KB5022858, KB5022894, KB5022895 KB5022899, KB5022903 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBY+wc/MkNZI30y1K9AQgqCA//ePJFiJpjC2BaB+c5fG4DAVW+1qN9dNSY jvjbdjJZoxk4nxANS7GscxaQkZQgR5WH5+gXvQuck7A3ZgAhqaIunYPWp8dB7wzx fpkNqKK0hvMFfAzfnlMm6b/MEamDLr4iJh0NJTlbVGTzBz3VR7VGuqDZWv6+n6WI odqQXwacCIzfEI5OXFIgXaP9EDo0tXSGaKO1Z8crzSZu4MFP+53MydDFmMXAfbdz ertoHih/dmZ+A8C+YNx70SSnCsSbQl1hb8XKWbENPb/PPrEgwshB15ik84i76btM NYuQt8nHQyLwBQvQELJ+g4B3AEiS1OLucnMiNlLm+dYGm0HSSm4Jaxjwmx5kkjT9 gss1JZ9IN6/8XEDw3xVLmEIphtpRKvw4ECweHrNejNpvGCYScQvU4tmuBizpYaZ4 XyWrpfSSPY8pINRZabP6WiPkcL3rRVYRsljrEZXc10P3RG66sRq/NtBODSWbseX9 feQoqUV36DJFlIACpA9gYoI1eNI5W6/DxIdf8weEUPc7g2w0DvlngPEUJMrjy+nz WAMEOwv+QhuT+Qme6rIrTRQS2j6WHD4+94V+3wjM8nbNJG3YrT+Ev0W93WtSNVtz 8so4Dhn0yWZ+mxgTdXawBKvXpfJozRivoeLTZ1V2jQmJylvbTQuxCmC2OhHzq/LJ /qQjocigO7c= =1e3d -----END PGP SIGNATURE-----