Patch Tuesday refers to a day on which Microsoft rolls out Security Patches for the Vulnerability once a month “Patch Tuesday” instead of releasing patches independently for the flaws. The day usually falls on the second Tuesday of each month. On the day, Microsoft releases patches or security updates for the Windows operating system and other Microsoft software applications, including Microsoft Office. Considering its importance, we have decided to publish a monthly breakdown of the Microsoft Patch Tuesday report on thesecmaster.com. We are going to cover the February 2023 Patch Tuesday this time, and going forward. You are going to see the same report for upcoming months on this website.
Table of Contents
Microsoft Patch Tuesday February 2023 Report Summary:
Microsoft released the February 2023 Patch Tuesday on 14th Feb. Let’s see the summary of the report:
The update addresses 77 vulnerabilities, 9 are classified as critical, and 68 are classified as important.
The February 2023 update includes fixes for three zero-day vulnerabilities, which are exploited in the wild.
The products covered in the February security update include Microsoft Windows, Office, Azure, Microsoft System Center, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Visual Studio, Microsoft Edge, and many Developer Tools.
The update also includes non-security updates for Windows 10 and Windows Server 2016/2019.
source: SYXSENSE
Vulnerabilities by Category:
Vulnerability Type
Quantity
Severities
Remote Code Execution Vulnerability
38
Important: 29Critical: 9
Elevation of Privilege Vulnerability
12
Important: 12
Denial of Service Vulnerability
10
Important: 10
Information Disclosure Vulnerability
8
Important: 8
Spoofing Vulnerability
8
Important: 8
Security Feature Bypass Vulnerability
2
Important: 2
All 77 vulnerabilities are categorized into 6 vulnerabilities. Remote Code Execution is found to be the most prevalent in the list, and Security Feature Bypass Vulnerability is the less. The above table shows there are 38 occurrences of RCE vulnerability, of which 9 are classified as Critical, and the remaining 28 are Important in severity. Please refer to the table that shows the vulnerabilities by categories.
List of Zero-Day Vulnerabilities Patched in February 2023 Patch Tuesday:
The term “zero-day” refers to the fact that developers have zero days to fix the issue before attackers can take advantage of it. These are considered the most dangerous since they are set to exploit before patches are released. Microsoft announced that it had fixed three such zero-day vulnerabilities that are being exploited in the wild.
List of Critical Vulnerabilities Patched in February 2023 Patch Tuesday:
The severity of the identified vulnerabilities is measured in the CVSS score. CVSS is a scale measured from 0 to 10 where 0 is the least severe and 10 is the most severe Vulnerability. All the vulnerabilities are assigned a CVSS number between 0.0 to 10.10 depending on several factors, including the attack vector, the attack complexity, and the impact on confidentiality, integrity, and availability. The vulnerabilities assigned the CVSS score between 0 to 4 are labeled ‘Low’ severity. The vulnerabilities assigned the CVSS score between 4 to 7 are labeled ‘Medium’ severity. Similarly, the vulnerabilities assigned a CVSS score between 7 to 8 are labeled ‘High’ severity, and the CVSS score between 9 to 10 is ‘Critical’ in severity.
The below table lists the vulnerabilities considered Critical in severity.
Comprehensive List of Vulnerabilities Patched in February 2023 Patch Tuesday Are:
We have segregated the list into multiple lists by the Applications. You can download the list from the official Microsoft security updates sheet from here.
We hope this post would help you know about the February 2023 Patch Tuesday report published by Microsoft on 14th February 2023. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
Learn Something New with Free Email subscription
Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
