On Tuesday, Microsoft released its monthly security update, which fixes three discovered and exploited vulnerabilities, along with 75 other bugs.
Nine of the vulnerabilities are rated critical because they allow remote code execution on vulnerable machines.
The list of patched vulnerabilities includes 12 privilege escalation vulnerabilities, 2 security feature bypass vulnerabilities, 38 remote code execution vulnerabilities, 8 information disclosure vulnerabilities, 10 denial of service vulnerabilities, and 8 identity theft vulnerabilities.
It should be noted that this number does not include the three bugs that Microsoft fixed in its Edge web browser in early February.
Dubbed Tuesday, the update fixes three previously discovered vulnerabilities that were exploited in cyberattacks. The first, followed by CVE-2023-21823, allows an attacker to execute commands remotely with system-wide privileges.
The second vulnerability, CVE-2023-21715, discovered in Microsoft Publisher allows attackers to use professionally designed documents to bypass mini policies that prevent Microsoft Office applications from blocking untrusted or malicious files. The third vulnerability: CVE-2023-23376 allows an attacker to gain system privileges.
It should be noted that last year's January update fixed a total of 98 vulnerabilities, including: 11 "critical" vulnerabilities, 87 "important" vulnerabilities, none of which belong to the "moderate" category.