Today is Microsoft's March 2023 Patch Tuesday, and security updates fix two actively exploited zero-day vulnerabilities and a total of 83 flaws.
Nine vulnerabilities have been classified as 'Critical' for allowing remote code execution, denial of service, or elevation of privileges attacks.
The number of bugs in each vulnerability category is listed below:
- 21 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 27 Remote Code Execution Vulnerabilities
- 15 Information Disclosure Vulnerabilities
- 4 Denial of Service Vulnerabilities
- 10 Spoofing Vulnerabilities
- 1 Edge - Chromium Vulnerability
This count does not include twenty-one Microsoft Edge vulnerabilities fixed yesterday.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5023706 and KB5023698 cumulative updates and Windows 10 KB5023696 and KB5023697 updates.
Two zero-days fixed
This month's Patch Tuesday fixes two zero-day vulnerabilities actively exploited in attacks.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The two actively exploited zero-day vulnerabilities fixed in today's updates are:
CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft has fixed a Microsoft Outlook privilege elevation bug that allows specially crafted emails to force a target's device to connect to a remote URL and transmit the Windows account's Net-NTLMv2 hash.
"External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.," reads Microsoft's advisory.
Microsoft warns that this flaw will be triggered before it is read in the preview pane as the vulnerability "triggers automatically when it is retrieved and processed by the email server."
In a private threat analytics report seen by BleepingComputer, Microsoft says that this Outlook vulnerability was exploited by STRONTIUM, a state-sponsored Russian hacking group.
Using this vulnerability, the threat actors gathered target's NTLM hashes to breach the victims' networks, where the threat actors stole emails for specific accounts.
This vulnerability was disclosed by CERT-UA, Microsoft Incident, Microsoft Threat Intelligence (MSTI).
CVE-2023-24880 - Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft has fixed an actively exploited zero-day vulnerability in Windows SmartScreen that can be used to create executables that bypass the Windows Mark of the Web security warning.
"An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging," reads Microsoft's advisory.
This vulnerability was discovered by Google’s Threat Analysis Group, who spotted it being exploited by the Magniber ransomware operation.
After analyzing the vulnerability, Google TAG determined that it was a bypass to a previous CVE-2022-44698 zero-day exploited by Magniber and fixed by Microsoft in December.
When exploiting the CVE-2022-44698, the threat actors utilized stand-alone, signed JavaScript (.JS) files with a malformed signature. This flaw caused Windows SmartScreen to generate an error and bypass the MoTW warnings.
After Microsoft fixed CVE-2022-44698 in December, Google found that the Magniber operation switched to using malformed authenticode signatures in MSI files to bypass the fix.
Google explained that this bypass was caused by Microsoft fixing only the initially reported JavaScript file abuse rather than fixing the root cause of the bug.
Microsoft says that the vulnerability was disclosed by Benoît Sevens and Vlad Stolyarov of Google’s Threat Analysis Group and Bill Demirkapi of Microsoft.
Recent updates from other companies
Other vendors who released updates in March 2023 include:
- Apple released a security update for GarageBand for macOS 10.4.8.
- Cisco released security updates for multiple products.
- Google released the Android March 2023, ChromeOS, and Google Chrome security updates.
- Fortinet released a security update for a FortiOS bug that is actively exploited in attacks.
- SAP has released its March 2023 Patch Day updates.
- Veeam released security updates for a RCE flaw in Veeam Backup & Replication (VBR).
The March 2023 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities and released advisory for the March 2023 Patch Tuesday updates. To access the full description of each vulnerability and the systems it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure | CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | Important |
| Client Server Run-time Subsystem (CSRSS) | CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
| Client Server Run-time Subsystem (CSRSS) | CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
| Internet Control Message Protocol (ICMP) | CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical |
| Mariner | CVE-2023-0567 | Unknown | Unknown |
| Mariner | CVE-2023-20052 | Unknown | Unknown |
| Mariner | CVE-2023-20032 | Unknown | Unknown |
| Microsoft Bluetooth Driver | CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-1236 | Chromium: CVE-2023-1236 Inappropriate implementation in Internals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1235 | Chromium: CVE-2023-1235 Type Confusion in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1213 | Chromium: CVE-2023-1213 Use after free in Swiftshader | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-1234 | Chromium: CVE-2023-1234 Inappropriate implementation in Intents | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1223 | Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1222 | Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1221 | Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1229 | Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1228 | Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1224 | Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1220 | Chromium: CVE-2023-1220 Heap buffer overflow in UMA | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1216 | Chromium: CVE-2023-1216 Use after free in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1215 | Chromium: CVE-2023-1215 Type Confusion in CSS | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1214 | Chromium: CVE-2023-1214 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1219 | Chromium: CVE-2023-1219 Heap buffer overflow in Metrics | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1218 | Chromium: CVE-2023-1218 Use after free in WebRTC | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1217 | Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1230 | Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1232 | Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1233 | Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1231 | Chromium: CVE-2023-1231 Inappropriate implementation in Autofill | Unknown |
| Microsoft Graphics Component | CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft OneDrive | CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Important |
| Microsoft OneDrive | CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Important |
| Microsoft OneDrive | CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important |
| Microsoft OneDrive | CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Important |
| Office for Android | CVE-2023-23391 | Office for Android Spoofing Vulnerability | Important |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Role: DNS Server | CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| Service Fabric | CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | Important |
| Visual Studio | CVE-2023-23618 | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2023-22743 | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2023-23946 | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2023-22490 | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability | Important |
| Windows Accounts Control | CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Important |
| Windows Bluetooth Service | CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
| Windows Central Resource Manager | CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical |
| Windows Defender | CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
| Windows HTTP Protocol Stack | CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
| Windows HTTP.sys | CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Partition Management Driver | CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Important |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call | CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Windows Remote Procedure Call Runtime | CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| Windows Resilient File System (ReFS) | CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| Windows Secure Channel | CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows SmartScreen | CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |
| Windows TPM | CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
| Windows TPM | CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
| Windows Win32K | CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Comments
joerocksford - 1 year ago
You left out SonicWall.
SMA update March 1st.
OS 7 update March 2nd. 7.0.1-5111
dparmentier - 1 year ago
We have a few virtual machines in Windows Server 2019 that won't restart after the upgrade...