Three zero-day vulnerabilities in Windows systems could allow attackers to achieve remote code execution or SYSTEM privileges on targeted systems. Windows systems should be patched as soon as possible after needed testing.
This message is intended for U-M IT staff who are responsible for university systems running Microsoft Windows.
Three zero-day exploits have been found in Windows systems that could allow remote code execution (RCE) or allow attackers to gain SYSTEM privileges.
All Windows workstations and servers
The need for immediate action supersedes the remediation timeframes in Vulnerability Management (DS-21). Patch Windows systems as soon as possible after any necessary testing.
Threats from these vulnerabilities include possible remote code execution (RCE) and elevation of attacker privileges to SYSTEM.
Three zero-day exploits have been found in Windows systems:
- CVE-2023-23376 is a vulnerability in the Windows Common Log File System that could allow attackers to achieve SYSTEM privileges on a target host.
- CVE-2023-21823 is a vulnerability in the Windows Graphics Component that could lead to remote code execution and a total takeover of a vulnerable system.
- CVE-2023-21715 is a vulnerability that allows attackers to bypass a Microsoft Publisher security feature: the Office macro policies used to block untrusted or malicious files. Exploitation is likely to rely on social engineering that convinces a system user to download a file crafted to exploit this vulnerability.
How We Protect U-M
ITS provides CrowdStrike Falcon to units, which should be installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). Falcon administrators in ITS and in U-M units use the Falcon console to investigate and remediate issues.
Information for Users
- MiWorkspace Windows systems will be patched as soon as possible.
- If you have Windows installed on your own devices that are not managed by the university, please update them as soon as possible.
In general, the best protection for your devices is to keep your software and apps up to date. Do not click suspicious links in email, and do not open shared documents or email attachments unless you are expecting them and trust the person who sent them. Use secure, trusted networks. For more information, see Phishing & Suspicious Email, Secure Your Devices, and Secure Your Internet Connection on the U-M Safe Computing website.
Questions, Concerns, Reports
Please contact ITS Information Assurance through the ITS Service Center.