Patch Tuesday February 2023 – Microsoft Releases Fixes for 13 Known Vulnerabilities

Patch Tuesday February comes with 13 new security patches for OS-based and browser-specific vulnerabilities. No zero-day bugs have been addressed this month. So, without further ado, here’s what the second month of 2023 looks like in terms of vulnerability management. Enjoy and don’t forget to subscribe to Heimdal®’s newsletter for more patching goodies.

Patch Tuesday February 2023 – Highlights

We’ll kick off the list with RCE (i.e. Remote Code Execution), more specifically, CVE-2023-23374. This defect, which was found to be affecting Microsoft’s Chromium-based browser, can potentially allow a threat actor to run arbitrary code on the victim’s machine. Next stop is CVE-2023-21794, a spoofing vulnerability found in the very same web browser. According to the advisory issued by Microsoft, this defect would allow a threat actor to gain access to a machine by serving a crafted URL to the user. Fortunately, this type of attack technique only works if the user interacts with the URL.  Moving on, we have the CVE-2023-21720, a tampering vulnerability in Microsoft’s Edge. If leveraged correctly, the threat actor might gain run code with elevated rights.

The full list of February patches and fixes can be found below.

Additional Cybersecurity Advice

This concludes the February edition of Heimdal®’s Patch Tuesday updates. Although it was a rather short and uneventful month compared to January 2023 and December 2022, we still have a lot of things to look forward to. Let us not forget about the ESXi hypervisor vulnerability and, of course, the other 3r-party apps that are under Microsoft Security’s umbrella. In anticipation of those, here are a couple of things you can try out to bolster your cyber defenses and level up your vulnerability management game.

1. Get ready to double back. There’s no true recipe for flawless patching, which means something’s bound to happen at any time (e.g., unexpected patch failure, connection errors, no mobile control, insufficient privileges, failure to meet regulatory compliance requirements, etc.). Ensure that your backups are up and running if you need to revert the app(s) to a previous version.
2. Vulnerability scanning FTW! Don’t forget about your vulnerability scanning schedule. The best practice dictates that scanning should occur at least once per month. Don’t forget about documenting your findings.
3. Automatic patching. Smaller organizations tend to rely on manual patching in order to deploy all relevant improvement-carrying packages. However, things tend to change a bit when you’re in the shoes of an IT admin catering to the needs of hundreds of users. The best way around this issue is, of course, automatic patching. If configured correctly, an automatic patching solution can ensure timely (and correct) deployment and a low risk of incompatibility. Heimdal®’s Patch & Asset Management can aid you in quickly distributing your patches, regardless if they are OS-specific, 3rd party, proprietary, or UX/UI-oriented.
4. Keep your documentation up to date. If you’re managing a team, consider drafting up a list of patching protocols. Include dates, times, Operating Systems, tests, and everything you can think of. Don’t forget to scribble down any modifications made to the software.

• Patch Tuesday, January 2023. 
• Heimdal® Cyber Threat Report 2023
• What Are the Main Attack Vectors in Cybersecurity?

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.

If you liked this post, you will enjoy our newsletter.

Get cybersecurity updates you'll actually want to read directly in your inbox.

I agree to have the submitted data processed by Heimdal Security according to the Privacy Policy