Patch Tuesday refers to a day on which Microsoft rolls out Security Patches for the Vulnerability once a month “Patch Tuesday” instead of releasing patches independently for the flaws. The day usually falls on the second Tuesday of each month. On the day, Microsoft releases patches or security updates for the Windows operating system and other Microsoft software applications, including Microsoft Office. Considering its importance, we have decided to publish a monthly breakdown of the Microsoft Patch Tuesday report on thesecmaster.com. We are going to cover the February 2023 Patch Tuesday this time, and going forward. You are going to see the same report for upcoming months on this website.
Table of Contents
Microsoft Patch Tuesday February 2023 Report Summary:
Microsoft released the February 2023 Patch Tuesday on 14th Feb. Let’s see the summary of the report:
The update addresses 77 vulnerabilities, 9 are classified as critical, and 68 are classified as important.
The February 2023 update includes fixes for three zero-day vulnerabilities, which are exploited in the wild.
The products covered in the February security update include Microsoft Windows, Office, Azure, Microsoft System Center, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Visual Studio, Microsoft Edge, and many Developer Tools.
The update also includes non-security updates for Windows 10 and Windows Server 2016/2019.
Vulnerabilities by Category:
Remote Code Execution Vulnerability
Important: 29Critical: 9
Elevation of Privilege Vulnerability
Denial of Service Vulnerability
Information Disclosure Vulnerability
Security Feature Bypass Vulnerability
All 77 vulnerabilities are categorized into 6 vulnerabilities. Remote Code Execution is found to be the most prevalent in the list, and Security Feature Bypass Vulnerability is the less. The above table shows there are 38 occurrences of RCE vulnerability, of which 9 are classified as Critical, and the remaining 28 are Important in severity. Please refer to the table that shows the vulnerabilities by categories.
List of Zero-Day Vulnerabilities Patched in February 2023 Patch Tuesday:
The term “zero-day” refers to the fact that developers have zero days to fix the issue before attackers can take advantage of it. These are considered the most dangerous since they are set to exploit before patches are released. Microsoft announced that it had fixed three such zero-day vulnerabilities that are being exploited in the wild.
List of Critical Vulnerabilities Patched in February 2023 Patch Tuesday:
The severity of the identified vulnerabilities is measured in the CVSS score. CVSS is a scale measured from 0 to 10 where 0 is the least severe and 10 is the most severe Vulnerability. All the vulnerabilities are assigned a CVSS number between 0.0 to 10.10 depending on several factors, including the attack vector, the attack complexity, and the impact on confidentiality, integrity, and availability. The vulnerabilities assigned the CVSS score between 0 to 4 are labeled ‘Low’ severity. The vulnerabilities assigned the CVSS score between 4 to 7 are labeled ‘Medium’ severity. Similarly, the vulnerabilities assigned a CVSS score between 7 to 8 are labeled ‘High’ severity, and the CVSS score between 9 to 10 is ‘Critical’ in severity.
The below table lists the vulnerabilities considered Critical in severity.
We hope this post would help you know about the February 2023 Patch Tuesday report published by Microsoft on 14th February 2023. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn
Learn Something New with Free Email subscription
Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.