On February 14, 2023, Microsoft released more than 70 security patches as part of regular Patch Tuesday. Microsoft observed CVE-2023-21715, CVE-2023-23376, and CVE-2023-21823 were exploited in the wild.Why is this Significant?This is significant because three vulnerabilities (CVE-2023-21715, CVE-2023-23376, and CVE-2023-21823) were observed to have been exploited in the field as such corresponding patches should be applied as soon as possible.What is CVE-2023-21715?CVE-2023-23376 is a security feature bypass vulnerability in Microsoft Office and allows an attacker to bypass a security feature designed to block malicious macros. Exploiting this vulnerability requires a local authenticated user, and at in parallel a victim needs to be lured into downloading and opening a malicious file from the internet.The vulnerability has a CVSS base score of 7.3 and is rated important by Microsoft.What is CVE-2023-23376?CVE-2023-23376 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). The vulnerability has a CVSS base score of 7.8 and is rated important by Microsoft.The vulnerability is due to an error when the vulnerable software handles a maliciously crafted application. A remote attacker may be able to exploit this to escalate their privileges on vulnerable systems. Since the vulnerability is a local privilege escalation, an attacker needs to have access to the victims’ network to exploit the vulnerability.What is CVE-2023-21823?CVE-2023-21823 is an elevation of privilege vulnerability in Windows Graphics Component that allows an attacker to gain SYSTEM privileges and execute commands as such upon successful exploitation. The vulnerability has a CVSS base score of 7.8 and is rated important by Microsoft..Reportedly Kevin Breen of Immersive Labs claimed that Microsoft OneNote was leveraged in observed attacks involving CVE-2023-21823.Note that a patch for this vulnerability may only be available via the Microsoft Store. For details, see the Appendix for a link to “CVE-2023-21823 (Microsoft)”.What is the Status of Protection?FortiGuard Labs released the following IPS signatures in version 22.495 for CVE-2023-23376 and CVE-2023-21823:MS.Windows.CVE-2023-23376.Privilege.Elevation (CVE-2023-23376) MS.Windows.Win32k.GDI.ExtTextOut.Privilege.Elevation (CVE-2023-21823)Default action for both signatures are set to “pass”.As of this writing, CVE-2023-21715 has no sufficient information that allows us to investigate coverage. This Threat Signal will be updated once new information becomes available.