ALERT: Patching Microsoft systems for 3 zero-day exploits

02/20/2023

Three zero-day vulnerabilities in Windows systems could allow attackers to achieve remote code execution or SYSTEM privileges on targeted systems. Windows systems should be patched as soon as possible after needed testing.

 This message is intended for U-M IT staff who are responsible for university systems running Microsoft Windows.

Problem

Three zero-day exploits have been found in Windows systems that could allow remote code execution (RCE) or attackers gaining SYSTEM privileges.

Affected Systems

All Windows workstations and Servers

Action Items

The need for immediate action supersedes the remediation timeframes in Vulnerability Management (DS-21). Patch Windows systems as soon as possible after any necessary testing.

Threats

Threats from these vulnerabilities include possible remote code execution (RCE) and elevation of attacker privileges to SYSTEM.

Technical Details

Three zero-day exploits have been found in Windows systems:

  • CVE-2023-23376 is a vulnerability in the Windows Common Log File System that could allow attackers to achieve SYSTEM privileges on a target host.
  • CVE-2023-21823 is a vulnerability in Windows Graphics Component and could lead to remote code execution and a total takeover of a vulnerable system.
  • CVE-2023-21715 is a vulnerability that allows attackers to bypass a Microsoft Publisher security feature: Office macro policies used to block untrusted or malicious files. This exploit is likely to be done using social engineering that convinces a system user to download a file crafted to exploit this vulnerability.

How We Protect U-M

ITS provides CrowdStrike Falcon to units, which should be installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). Falcon administrators in ITS and in U-M units use the Falcon console to investigate and remediate issues.

Information for Users

  • MiWorkspace Windows systems will be patched as soon as possible.
  • If you have Windows installed on your own devices that are not managed by the university, please update them as soon as possible.

In general, the best protection for your devices is to keep your software and apps up-to-date. Do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them. Use secure, trusted networks. For more information, see Phishing & Suspicious EmailSecure Your Devices, and Secure Your Internet Connection on the U-M Safe Computing website.

Questions, Concerns, Reports

Please contact ITS Information Assurance through the ITS Service Center.

References