Microsoft fixes three zero-days in its 75-flaw February Patc
ZDNews | at | by Mike
Microsoft's February Patch Tuesday brings fixes for 75 flaws, and among them are fixes for three vulnerabilities for which exploits already exist. The three zero days affect Microsoft Publisher, the Windows Common Log File System Driver, and the Windows Graphics Component.
The Microsoft Publisher flaw, CVE-2023-21715, is a security feature bypass vulnerability with an "important" severity rating from Microsoft. An attacker could bypass Office macro policies used to block untrusted or malicious files. Normally, Office alerts users that a file is untrusted before allowing it to run.