Rackspace Response to February 2023 Microsoft Patch Tuesday Security Advisory

by Eric Zuniga, Full Stack Systems Engineer II GTS Windows, Rackspace Technology

Rackspace Technology is aware of recently published security vulnerabilities impacting the Microsoft Windows Operating Systems. On February 14, 2023 Microsoft issued patches for 80 vulnerabilities, of which 9 are critical and 3 are actively exploited as 0-days.

Rackspace engineers have performed an initial assessment and are advising customers to ensure February 2023 Windows Patches are installed as there are not any known software mitigations or workarounds for these vulnerabilities. Rackspace customers using our Managed Patching Service will be patched during normal patching cycles.

For those customers not using Rackspace Managed Patching we recommend patching devices as soon as possible to mitigate these vulnerabilities. Customers not using our Managed Patching Service can install the latest Windows Updates themselves or can request that Rackspace perform patching by contacting Rackspace Support.

Below is a partial list of the vulnerabilities Rackspace is highlighting, which impact the Microsoft Windows Graphics Component, Word, Servers, and Exchange. For the full list of February security updates, follow this link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb

Vulnerability & Details

CVE-2023-21689: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability

Impact: Remote Code Execution

Affected Software: All supported versions of Windows

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21689

Vulnerability & Details

CVE-2023-21823: Windows Graphics Component Remote Code Execution Vulnerability

Impact: Remote Code Execution

Affected Software: All supported versions of Windows, Office for Universal, Office for Android

Notes: The Microsoft Store will automatically update affected customers.

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823

Vulnerability & Details

CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability

Impact: Remote Code Execution

Affected Software: Microsoft (MS) 365 Apps for Enterprise, MS Office LTSC 2021, MS Office LTSC for Mac 2021, MS Office 2019 for Mac, MS Office Online Server, MS Office Web Apps Server 2013, MS Word 2016, MS Word 2013, MS SharePoint Server 2019, MS SharePoint Enterprise Server 2016, MS SharePoint Server 2013, MS SharePoint Foundation 2013, MS SharePoint Server Subscription Edition, SharePoint Server Subscription Edition Language Pack

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716

Vulnerability & Details

CVE-2023-21707: Microsoft Exchange Server Remote Code Execution Vulnerability

Impact: Remote Code Execution

Affected Software: Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707

Vulnerability & Details

CVE-2023-21803: Windows iSCSI Discovery Service Remote Code Execution Vulnerability

Impact: Remote Code Execution

Affected Software: Windows 10 Version 22H2, Windows 10 Version 21H2, Windows 10 Version 20H2

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803

Vulnerability & Details

CVE-2023-21717: Microsoft SharePoint Server Elevation of Privilege Vulnerability

Impact: Elevation of Privilege

Affected Software: Microsoft SharePoint Server 2019, SharePoint Enterprise Server 2016, SharePoint Enterprise Server 2013, SharePoint Foundation 2013 Service, Microsoft SharePoint Server Subscription Edition

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717

Vulnerability & Details

CVE-2023-21684: Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

Impact: Remote Code Execution

Affected Software: All supported versions of Windows

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21684

Vulnerability & Details

CVE-2023-21799: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Impact: Remote Code Execution

Affected Software: All supported versions of Windows

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21799

Vulnerability & Details

CVE-2023-21797: Microsoft ODBC Driver Remote Code Execution Vulnerability

Impact: Remote Code Execution

Affected Software: All supported versions of Windows

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21797

Vulnerability & Details

CVE-2023-23376: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Impact: Elevation of Privilege

Affected Software: All supported versions of Windows

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376

Vulnerability & Details

CVE-2023-21813: Windows Secure Channel Denial of Service Vulnerability

Impact: Denial of Service

Affected Software: All supported versions of Windows

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21813

Vulnerability & Details

CVE-2023-21715: Microsoft Publisher Security Feature Bypass Vulnerability

Impact: Security Feature Bypass

Affected Software: Microsoft 365 Apps for Enterprise

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715

Vulnerability & Details

CVE-2023-21817: Windows Kerberos Elevation of Privilege Vulnerability

Impact: Elevation of Privilege

Affected Software: All supported versions of Windows

More Information: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21817

Our security teams are actively monitoring the situation and will provide any associated updates via this blog.

Note - Reboot Issue with KB5022842 and Windows Server 2022 VMs on VMware using Secure Boot

It’s important to note that there is a known issue with KB5022842 affecting Windows Server 2022 virtual machines on VMware ESX vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x: if SecureBoot is enabled for the virtual machine, the virtual machine will not boot up. VMware and Microsoft are working to remediate the issue with an upcoming patch. Until a patch is released, the following recommendations should be followed to avoid this issue.

  • Upgrade the ESXi Hypervisor of the virtual machine to vSphere ESXi 8.0
  • Disable “SecureBoot” on the VMs.
  • Avoid installing the KB5022842 patch on any Windows Server 2022 virtual machine.
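
A pre-patch check for the conditions described above, as an added example that is not Rackspace, Microsoft or VMware tooling. The function name Test-KB5022842BootRisk and its status labels are made up for this example; it assumes an elevated PowerShell session inside the guest and does not check the ESXi version, which has to be confirmed on the hypervisor side.

```powershell
# Added example. Run inside the guest from an elevated PowerShell session.
# The guest cannot see the ESXi version, so confirm that in vCenter.
function Test-KB5022842BootRisk {
    $kb = 'KB5022842'   # KB named in the advisory
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    $isServer2022 = $os.Caption -like '*Server 2022*'
    $isVMware     = $cs.Manufacturer -like 'VMware*'

    # Confirm-SecureBootUEFI returns True/False on UEFI firmware and throws
    # on legacy BIOS or when the session is not elevated.
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch [System.PlatformNotSupportedException] { $secureBoot = $false }
    catch { $secureBoot = $null }   # could not determine, e.g. not elevated

    # Get-HotFix errors when the KB is absent; suppress that and test for a result.
    $installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

    # Status labels are this example's own, not vendor terminology.
    $status = if (-not ($isServer2022 -and $isVMware)) {
        'OutOfScope'      # not a Windows Server 2022 guest on VMware
    } elseif ($null -eq $secureBoot) {
        'Unknown'         # rerun elevated to read the Secure Boot state
    } elseif (-not $secureBoot) {
        'NotExposed'      # Secure Boot is off, the boot issue does not apply
    } elseif ($installed) {
        'AtRisk'          # KB present with Secure Boot on: may not boot after restart
    } else {
        'HoldPatch'       # apply one of the listed recommendations before installing
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OS           = $os.Caption
        Manufacturer = $cs.Manufacturer
        SecureBoot   = $secureBoot
        KBInstalled  = $installed
        Status       = $status
    }
}

Test-KB5022842BootRisk | Format-List
```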

In addition please note the following regarding remediation.

Should you have any questions or require assistance in responding to these vulnerabilities, please contact a support Racker via https://www.rackspace.com/login.