Rackspace Response to February 2023 Microsoft Patch Tuesday Security Advisory
by Eric Zuniga, Full Stack Systems Engineer II GTS Windows, Rackspace Technology
Rackspace Technology is aware of recently published security vulnerabilities impacting the Microsoft Windows Operating Systems. On February 14, 2023 Microsoft issued patches for 80 vulnerabilities, of which 9 are critical and 3 are actively exploited as 0-days.
Rackspace engineers have performed an initial assessment and are advising customers to ensure February 2023 Windows Patches are installed as there are not any known software mitigations or workarounds for these vulnerabilities. Rackspace customers using our Managed Patching Service will be patched during normal patching cycles.
For those customers not using Rackspace Managed Patching we recommend patching devices as soon as possible to mitigate these vulnerabilities. Customers not using our Managed Patching Service can install the latest Windows Updates themselves or can request that Rackspace perform patching by contacting Rackspace Support.
Below is a partial list of the vulnerabilities Rackspace is highlighting, which impact Microsoft Windows Graphics Component, Word, Servers, and Exchange. For a full list of February security updates, follow this link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
Vulnerability & Details
CVE-2023-21689: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
Impact: Remote Code Execution
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21689
Vulnerability & Details
CVE-2023-21823: Windows Graphics Component Remote Code Execution Vulnerability
Impact: Remote Code Execution
Affected Software: All supported versions of Windows, Office for Universal, Office for Android
Notes: The Microsoft Store will automatically update affected customers.
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823
Vulnerability & Details
CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability
Impact: Remote Code Execution
Affected Software: Microsoft (MS) 365 Apps for Enterprise, MS Office LTSC 2021, MS Office LTSC for Mac 2021, MS Office 2019 for Mac, MS Office Online Server, MS Office Web Apps Server 2013, MS Word 2016, MS Word 2013, MS SharePoint Server 2019, MS SharePoint Enterprise Server 2016, MS SharePoint Server 2013, MS SharePoint Foundation 2013, MS SharePoint Server Subscription Edition, SharePoint Server Subscription Edition Language Pack
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716
Vulnerability & Details
CVE-2023-21707: Microsoft Exchange Server Remote Code Execution Vulnerability
Impact: Remote Code Execution
Affected Software: Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707
Vulnerability & Details
CVE-2023-21803: Windows iSCSI Discovery Service Remote Code Execution Vulnerability
Impact: Remote Code Execution
Affected Software: Windows 10 Version 22H2, Windows 10 Version 21H2, Windows 10 Version 20H2
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803
Vulnerability & Details
CVE-2023-21717: Microsoft SharePoint Server Elevation of Privilege Vulnerability
Impact: Elevation of Privilege
Affected Software: Microsoft SharePoint Server 2019, SharePoint Enterprise Server 2016, SharePoint Enterprise Server 2013, SharePoint Foundation 2013 Service, Microsoft SharePoint Server Subscription Edition
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717
Vulnerability & Details
CVE-2023-21684: Microsoft PostScript Printer Driver Remote Code Execution Vulnerability
Impact: Remote Code Execution
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21684
Vulnerability & Details
CVE-2023-21799: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Impact: Remote Code Execution
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21799
Vulnerability & Details
CVE-2023-21797: Microsoft ODBC Driver Remote Code Execution Vulnerability
Impact: Remote Code Execution
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21797
Vulnerability & Details
CVE-2023-23376: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Impact: Elevation of Privilege
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376
Vulnerability & Details
CVE-2023-21813: Windows Secure Channel Denial of Service Vulnerability
Impact: Denial of Service
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21813
Vulnerability & Details
CVE-2023-21715: Microsoft Publisher Security Feature Bypass Vulnerability
Impact: Security Feature Bypass
Affected Software: Microsoft 365 Apps for Enterprise
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715
Vulnerability & Details
CVE-2023-21817: Windows Kerberos Elevation of Privilege Vulnerability
Impact: Elevation of Privilege
Affected Software: All supported versions of Windows
More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21817
Our security teams are actively monitoring the situation and will provide any associated updates via this blog.
Note - Reboot Issue with KB5022842 and Windows Server 2022 VMs on VMware using Secure Boot
It’s important to note there is a known issue with KB5022842 affecting Windows Server 2022 virtual machines on VMware ESX vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x: if Secure Boot is enabled for the virtual machine, the virtual machine will not boot up. VMware and Microsoft are working to remediate the issue with an upcoming patch. Until a patch is released, the following recommendations should be followed to avoid this issue.
- Upgrade the ESXi Hypervisor of the virtual machine to vSphere ESXi 8.0.
- Disable “SecureBoot” on the VMs.
- Avoid installing the KB5022842 patch on any Windows Server 2022 virtual machine.
In addition, please note the following regarding remediation.
- Rolling back KB5022842 will not resolve the booting issue.
- To disable secure boot use the steps found in this link - https://kb.vmware.com/s/article/90947
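The following in-guest pre-patch check for the condition described above is an added example, not Rackspace or Microsoft tooling. The function name `Test-KB5022842BootRisk` is hypothetical, and because the ESXi host version cannot be read reliably from inside the guest, it must still be confirmed from the vSphere side.

```powershell
# Added example: flags a guest that matches the KB5022842 / Secure Boot known issue.
# Test-KB5022842BootRisk is a hypothetical helper name. Run from an elevated session.
function Test-KB5022842BootRisk {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Windows Server 2022 reports build 20348; ProductType 1 is a workstation SKU.
    $isServer2022  = ($os.BuildNumber -eq '20348') -and ($os.ProductType -ne 1)
    $isVMwareGuest = $cs.Manufacturer -like 'VMware*'

    # Confirm-SecureBootUEFI fails on legacy BIOS firmware (Secure Boot cannot be on)
    # and when not elevated (state unknown, reported as $null).
    try {
        $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        if ($_.Exception -is [System.PlatformNotSupportedException]) {
            $secureBoot = $false
        } else {
            $secureBoot = $null
        }
    }

    $kbInstalled = [bool](Get-HotFix -Id 'KB5022842' -ErrorAction SilentlyContinue)
    $inScope     = $isServer2022 -and $isVMwareGuest

    $action = if (-not $inScope) {
        'Not a Windows Server 2022 VMware guest: the known issue does not apply.'
    } elseif ($null -eq $secureBoot) {
        'Secure Boot state unknown: rerun elevated before patching.'
    } elseif (-not $secureBoot) {
        'Secure Boot is off: the known issue does not apply.'
    } elseif ($kbInstalled) {
        'KB5022842 installed with Secure Boot on: rollback will not help; disable Secure Boot (VMware KB 90947) or move the VM to ESXi 8.0.'
    } else {
        'Hold KB5022842 until the host is on ESXi 8.0 or Secure Boot is disabled.'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        IsServer2022   = $isServer2022
        IsVMwareGuest  = $isVMwareGuest
        SecureBootOn   = $secureBoot
        KB5022842Found = $kbInstalled
        Action         = $action
    }
}

Test-KB5022842BootRisk | Format-List
```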
Should you have any questions or require assistance in responding to these vulnerabilities, please contact a support Racker via https://www.rackspace.com/login.