Microsoft has released patches for three vulnerabilities that have been exploited in the wild, including one remote code execution flaw in the Windows graphic component that can be exploited without user interaction.
That vulnerability (CVE-2023-21823) affects most of the supported versions of Windows and Windows Server and an attacker who was able to exploit it would be able to gain system-level privileges. The other two known exploited vulnerabilities include a security feature bypass and a local privilege escalation.
The former bug (CVE-2023-21715) only affects Microsoft 365 Apps for Enterprise, both the 32-bit and 64-bit versions. A successful attack against the bug requires authentication and also needs user interaction, conditions that mitigate the risk of exploitation quite a bit.
“The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer,” the Microsoft advisory says.
Like the remote code execution vulnerability, the local elevation of privilege bug (CVE-2023-23376) affects most of the current versions of Windows and Windows Server and could grant system-level privileges to an attacker who can exploit it. Exploitation does not require any user interaction.
MIcrosoft also patched more than 70 other vulnerabilities on Tuesday as part of its monthly update release.