Top 5 Zero-day Vulnerabilities of February

Zero-day vulnerabilities are security flaws that are unknown to the software vendor and remain unpatched. These vulnerabilities can be exploited by hackers to gain unauthorized access to computer systems, networks, or applications. Zero-day attacks are particularly dangerous because they can occur without any warning, leaving organizations and individuals with no time to take preventive measures.

Detecting and mitigating zero-day vulnerabilities requires a proactive approach to security that involves continuous monitoring, threat intelligence gathering, and risk assessment. It is important for organizations and individuals to stay up to date with the latest security patches and software updates to mitigate the risks of zero-day attacks.

Here are the top five zero-day vulnerabilities of February that have been discovered:

1. CVE-2023-23560

Severity – Critical

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.

More details: https://vi.strobes.co/cve/CVE-2023-23560

Zeroday references:

  1. https://portswigger.net/daily-swig/researcher-drops-lexmark-rce-zero-day-rather-than-sell-vuln-for-peanuts

Patch references:

  1. https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
  2. https://support.lexmark.com/alerts/

2. CVE-2023-23529

Severity – Low

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

More details: https://vi.strobes.co/cve/CVE-2023-23529

Zeroday references:

  1. https://www.zero-day.cz/database/745

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2023021339

3. CVE-2023-23376

Severity – High

Windows Common Log File System Driver Elevation of Privilege Vulnerability.

More details: https://vi.strobes.co/cve/CVE-2023-23376

Zeroday references:

  1. https://www.zero-day.cz/database/747

Patch references:

  1. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899
  2. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894
  3. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903
  4. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895
  5. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872
  6. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874
  7. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890
  8. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893
  9. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838
  10. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858
  11. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834
  12. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845
  13. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836
  14. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842
  15. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840
  16. https://www.cybersecurity-help.cz/vdb/SB2023021419
  17. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376
  18. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022921

4. CVE-2023-22952

Severity – High

In SugarCRM before 12.0 Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.

More details: https://vi.strobes.co/cve/CVE-2023-22952

Zeroday references:

  1. https://sugarclub.sugarcrm.com/explore/product-updates/b/sugar-sell-updates/posts/january-4-2023-critical-security-hotfix
  2. https://www.zero-day.cz/database/742

Patch references:

  1. https://www.cybersecurity-help.cz/vdb/SB2023011122
  2. https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/

5. CVE-2023-21823

Severity – High

More details: https://vi.strobes.co/cve/CVE-2023-21823

Zeroday references:

  1. https://www.zero-day.cz/database/748

Patch references:

  1. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022899
  2. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022894
  3. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022903
  4. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022895
  5. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022872
  6. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022874
  7. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022890
  8. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022893
  9. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022838
  10. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022858
  11. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022834
  12. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022845
  13. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022836
  14. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022842
  15. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022840
  16. https://apps.apple.com/us/app/microsoft-365-office/id541164041
  17. https://support.microsoft.com/en-us/account-billing/get-updates-for-apps-and-games-in-microsoft-store-a1fe19c0-532d-ec47-7035-d1c5a1dd464f
  18. https://play.google.com/store/apps/details?id=com.microsoft.office.officehubrow
  19. https://www.cybersecurity-help.cz/vdb/SB2023021420
  20. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823
  21. https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5022921

Zero-Day Attack Prevention:

Because these exploits are unpredictable, zero-day protection is necessary. Here are some suggestions for safeguarding your software and vulnerable programmes from zero-day attacks.

  • Once the security patches are available, update all programmes and software.
  • Web application security software must be employed to secure the website, so that attacks can be detected precisely.
  • Install an internet security suite. It often comprises default-deny protection, heuristic file analysis, smart anti-virus, and sandboxing techniques.
  • Use sites that are secured with Secure Sockets Layer (SSL).
  • Go for multi-layer protection with web application firewalls.
  • Protect the content of individual transmissions with the help of Virtual LANs.

Stay ahead of threats using Strobes:

Strobes will help you correlate data between vulnerability scans and vulnerability intelligence, keeping you updated whenever there is a zero-day in the wild.
