Microsoft Releases Patches for 3 Actively Exploited Vulnerabilities on Windows

On Tuesday, Microsoft issued security updates to fix 75 vulnerabilities found across their range of products, three of which have already been exploited by attackers. The updates were released on top of the 22 flaws that had been patched in the company’s Edge browser over the last month, which is based on Chromium.

Out of the 75 vulnerabilities, 9 are considered critical, while 66 are rated as important. Of these vulnerabilities, 37 are categorized as remote code execution (RCE) flaws. The three zero-day exploits that have already been actively exploited are as follows:

  • CVE-2023-21715 (CVSS score: 7.3) – Microsoft Office Security Feature Bypass Vulnerability
  • CVE-2023-21823 (CVSS score: 7.8) – Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2023-23376 (CVSS score: 7.8) – Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability

CVSS stands for Common Vulnerabilities Scoring System. It is a framework used to assign a score to a software vulnerability, based on the severity and impact of the vulnerability on a system. The score is a numerical value between 0 and 10 and is used to help prioritize the severity of vulnerabilities and determine the urgency of patching or mitigating them.

The higher the CVSS score, the more severe the vulnerability and the greater the potential impact on a system if it is not addressed. CVSS scores are widely used by security professionals to assess the risk associated with different vulnerabilities and to make informed decisions about how to allocate resources to address them.

Vendors Who Have Pushed Software Patches

In addition to Microsoft, other software vendors have released security updates in the past few weeks to address a number of vulnerabilities, which include: [specific vulnerabilities could be added here if known].