⚠ Actively exploited
Added to CISA KEV on 2023-02-14. Federal agencies required to patch by 2023-03-07. Required action: Apply updates per vendor instructions.

CVE-2023-21823

CWE-190 Integer Overflow | 12 documents | 8 sources
Severity: 7.8 HIGH
EPSS: 5.2% (top 10.03%)
CISA KEV: Added 2023-02-14, Due 2023-03-07
Exploit: Exploited in wild. Active exploitation observed
Timeline
Published: Feb 14
KEV added: Feb 14
KEV due: Mar 7
Latest update: Jun 18

Description

Windows Graphics Component Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (33 packages)

NVD: microsoft/windows_10_1507 < 10.0.10240.19747
NVD: microsoft/windows_10_1607 < 10.0.14393.5717
NVD: microsoft/windows_10_1809 < 10.0.17763.4010
NVD: microsoft/windows_10_20h2 < 10.0.19042.2604
NVD: microsoft/windows_10_21h2 < 10.0.19044.2604

Patches

🔴 Vulnerability Details (7)

OSV: linux-hwe-6.5 vulnerabilities (2024-06-18)
OSV: linux-nvidia-6.5 vulnerabilities (2024-06-14)
OSV: linux-laptop vulnerabilities (2024-06-10)
OSV: linux, linux-gcp, linux-gcp-6.5, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-raspi vulnerabilities (2024-06-07)
GHSA: GHSA-7ggm-m49m-ff38: Windows Graphics Component Remote Code Execution Vulnerability (2023-02-14)

📋 Vendor Advisories (2)

Microsoft: Windows Graphics Component Remote Code Execution Vulnerability (2023-02-14)
CISA: Microsoft Windows Graphic Component Privilege Escalation Vulnerability (2023-02-14)

🕵️ Threat Intelligence (1)

Talos: Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities (2023-02-14)