Microsoft released its monthly security update on Tuesday, addressing three critical and exploited security vulnerabilities, as well as 75 other programming flaws. Nine of these vulnerabilities are classified as "critical" because they allow remote code execution on vulnerable devices.
The updated list includes 12 elevation of privilege vulnerabilities, two security feature bypass vulnerabilities, 38 remote code execution vulnerabilities, eight information disclosure vulnerabilities, 10 denial of service vulnerabilities, and eight spoofing vulnerabilities.
It's worth noting that this number does not include the three vulnerabilities that Microsoft fixed in its Edge web browser earlier this February.
The Patch Tuesday update fixes three security vulnerabilities that have been exploited in electronic attacks, including the CVE-2023-21823 vulnerability, which allows attackers to execute remote commands with system-level privileges. The second vulnerability, CVE-2023-21715, found in Microsoft Publisher, allows attackers to use a professionally crafted document to bypass Microsoft's policies for Office applications that prohibit untrusted or harmful files. The third vulnerability, CVE-2023-23376, allows attackers to gain system privileges.
Last January's update addressed 98 security vulnerabilities, including 11 "critical" vulnerabilities and 87 "important" vulnerabilities, with no vulnerabilities classified as "moderate."