In the March 2023 Patch Tuesday release, Microsoft addressed 80 CVEs, of which nine were rated as critical, 66 as important, and one as moderate; the release includes two zero-days. This count also includes two CVEs (CVE-2023-1017 and CVE-2023-1018) found in a third-party Trusted Platform Module (TPM2.0) Library. It is essential to run a vulnerability management tool regularly to check for vulnerabilities in your IT infrastructure.
The March 2023 Patch Tuesday security patches cover various products and versions, including Azure, Microsoft Edge (Chromium-based), Visual Studio, and various Windows components such as Windows Kernel, TPM, and Windows Win32K. The products affected include Microsoft Bluetooth Driver, Microsoft Graphics Component, and Office applications such as Excel, Outlook, and SharePoint. Additionally, vulnerabilities were identified in Windows services such as Windows Bluetooth Service, Windows Cryptographic Services, and Windows HTTP Protocol Stack, among others.
Zero-day Vulnerabilities in Microsoft March 2023 Patch Tuesday
The Microsoft March 2023 Patch Tuesday release fixed two zero-day vulnerabilities.
CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability could allow attackers to access the Net-NTLMv2 hash of a victim’s Windows account by sending a specially crafted email. The flaw, which is triggered automatically when the email is retrieved and processed by the email server, has been rated as critical by Microsoft. The company warned that STRONTIUM, a Russian state-sponsored hacking group, had already exploited the vulnerability to steal emails from targeted accounts. CERT-UA, Microsoft Incident, and Microsoft Threat Intelligence reported the vulnerability.
CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability could be exploited to bypass the Windows Mark of the Web security warning. This vulnerability is a bypass of the fix for a previous zero-day, CVE-2022-44698, which was also exploited by Magniber and fixed by Microsoft in December. The Magniber operation then switched to using malformed Authenticode signatures in MSI files to bypass the fix. Microsoft says that the vulnerability was disclosed by researchers from Google’s Threat Analysis Group and Microsoft.
Critical Vulnerabilities Uncovered by Microsoft March 2023 Patch Tuesday
| Tag | CVE Number | CVE Title | Max Severity |
|---|---|---|---|
| Microsoft Dynamics | CVE-2022-41127 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | Critical |
| Windows HTTP Protocol Stack | CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
| Microsoft Office Outlook | CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Critical |
| Windows Remote Procedure Call | CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| Remote Access Service Point-to-Point Tunneling Protocol | CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Role: Windows Hyper-V | CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| Internet Control Message Protocol (ICMP) | CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical |
| Windows TPM | CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
| Windows TPM | CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
Microsoft security bulletin summary for March 2023
This release includes security updates for the following products, features, and roles.
- Internet Control Message Protocol (ICMP)
- Microsoft Bluetooth Driver
- Microsoft Graphics Component
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft OneDrive
- Microsoft Printer Drivers
- Microsoft Windows Codecs Library
- Remote Access Service Point-to-Point Tunneling Protocol
- Role: DNS Server
- Role: Windows Hyper-V
- Visual Studio
- Windows Accounts Control
- Windows Bluetooth Service
- Windows Central Resource Manager
- Windows Cryptographic Services
- Windows Defender
- Windows HTTP Protocol Stack
- Windows Kernel
- Windows Partition Management Driver
- Windows Point-to-Point Protocol over Ethernet (PPPoE)
- Windows Remote Procedure Call
- Windows Remote Procedure Call Runtime
- Windows Resilient File System (ReFS)
- Windows Secure Channel
- Windows SmartScreen
- Windows TPM
- Windows Win32K
Microsoft March 2023 Patch Tuesday affected products:
Product: Microsoft Windows.
CVEs/Advisory: CVE-2023-23392, CVE-2023-1018, CVE-2023-24911, CVE-2023-24870, CVE-2023-24880, CVE-2023-24876, CVE-2023-24908, CVE-2023-24910, CVE-2023-24909, CVE-2023-24868, CVE-2023-24872, CVE-2023-23403, CVE-2023-24871, CVE-2023-24869, CVE-2023-24907, CVE-2023-1017, CVE-2023-24913, CVE-2023-24867, CVE-2023-24906, CVE-2023-24866, CVE-2023-24865, CVE-2023-24864, CVE-2023-24863, CVE-2023-24862, CVE-2023-24861, CVE-2023-24859, CVE-2023-24858, CVE-2023-24857, CVE-2023-24856, CVE-2023-23423, CVE-2023-23422, CVE-2023-23421, CVE-2023-23420, CVE-2023-23419, CVE-2023-23418, CVE-2023-23417, CVE-2023-23416, CVE-2023-23415, CVE-2023-23414, CVE-2023-23413, CVE-2023-23412, CVE-2023-23411, CVE-2023-23410, CVE-2023-23409, CVE-2023-23407, CVE-2023-23406, CVE-2023-23405, CVE-2023-23404, CVE-2023-23402, CVE-2023-23401, CVE-2023-23400, CVE-2023-23394, CVE-2023-23393, CVE-2023-23388, CVE-2023-23385, CVE-2023-21708
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KBs: 5023696, 5023697, 5023698, 5023702, 5023705, 5023706, 5023713, 5023752, 5023754, 5023755, 5023756, 5023759, 5023764, 5023765, 5023769, 5023786
Product: Microsoft Office.
CVEs/Advisory: CVE-2023-24910, CVE-2023-23391, CVE-2023-23397, CVE-2023-23399, CVE-2023-23398, CVE-2023-23396
Impact: Elevation of Privilege, Spoofing, Remote Code Execution, and Denial of Service
These were the highlights of Microsoft March 2023 Patch Tuesday.