Spring is officially here, but not everything comes down to flowers and baby rabbits. There are those who eagerly await Microsoft’s Patch Tuesday rollout.
And, as you know, it’s the second Tuesday of the month, which means that Windows users are looking towards the tech giant in hopes that some of the flaws they’ve been struggling with will finally get fixed.
We have already taken the liberty of providing the direct download links for the cumulative updates released today for Windows 7, 8.1, 10, and 11, but now it’s time to talk CVEs again.
For March, Microsoft released 74 new patches, one fewer than last month, which is still more than some people were expecting for the third month of 2023.
These software updates address CVEs in:
- Windows and Windows components
- Office and Office Components
- Exchange Server
- .NET Core and Visual Studio Code
- 3D Builder and Print 3D
- Microsoft Azure and Dynamics 365
- Defender for IoT and the Malware Protection Engine
- Microsoft Edge (Chromium-based)
You probably want to know more on the matter, so let’s dive right into it and see what all the fuss is about this month.
74 new patches released to fix serious security issues
Let’s just say that February was far from being a busy month for Microsoft, and still, they managed to release a total of 75 updates.
However, it seems that the situation isn’t getting any better, since the tech giant released only one fewer update this month, for a total of 74.
Please keep in mind that, out of all the patches released today, six are rated Critical, 67 are rated Important, and only one is rated Moderate in severity.
Furthermore, remember that this is one of the largest volumes we’ve seen from Microsoft for a March release in quite some time.
We have to say that it is a bit unusual to see half of the Patch Tuesday release address remote code execution (RCE) bugs.
It’s important to be aware that two of the new CVEs are listed as under active attack at the time of release, with one of those also being listed as publicly known.
That being said, let’s take a closer look at some of the more interesting updates for this month, starting with the bugs under active attack.
CVE | Title | Severity | CVSS | Public | Exploited | Type |
CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Important | 9.1 | No | Yes | Spoofing |
CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate | 5.4 | Yes | Yes | SFB |
CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical | 6.5 | No | No | DoS |
CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2023-1017 * | CERT/CC: TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | EoP |
CVE-2023-1018 * | CERT/CC: TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | EoP |
CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2023-22490 * | GitHub: CVE-2023-22490 Local clone-based data exfiltration with non-local transports | Important | 5.5 | No | No | Info |
CVE-2023-22743 * | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability | Important | 7.2 | No | No | EoP |
CVE-2023-23618 * | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability | Important | 8.6 | No | No | RCE |
CVE-2023-23946 * | GitHub: CVE-2023-23946 Git path traversal vulnerability | Important | 6.2 | No | No | EoP |
CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | Important | 6.3 | No | No | EoP |
CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing |
CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 4.1 | No | No | XSS |
CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | Important | 5.5 | No | No | DoS |
CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2023-23398 | Microsoft Excel Security Feature Bypass Vulnerability | Important | 7.1 | No | No | SFB |
CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Important | 4.3 | No | No | SFB |
CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP |
CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-23391 | Office for Android Spoofing Vulnerability | Important | 5.5 | No | No | Spoofing |
CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE |
CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE |
CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE |
CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | Important | 8.2 | No | No | Spoofing |
CVE-2023-23395 | SharePoint Open Redirect Vulnerability | Important | 3.1 | No | No | Spoofing |
CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP |
CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE |
CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE |
CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Important | 5.5 | No | No | DoS |
CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | Important | 4.5 | No | No | Spoofing |
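
To turn the table above into a patching order, the following added example (not part of the original article) parses rows in the table's own pipe-delimited layout and sorts them. The ordering policy (exploited first, then publicly known, then CVSS) and all names in the code are assumptions of this example.

```python
import re
from dataclasses import dataclass
# Rows copied from the table above (header plus a subset of entries, reordered).
SAMPLE = """\
CVE | Title | Severity | CVSS | Public | Exploited | Type |
CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate | 5.4 | Yes | Yes | SFB |
CVE-2023-1017 * | CERT/CC: TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | EoP |
CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Important | 9.1 | No | Yes | Spoofing |
CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
"""
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2}
YES_NO = {"Yes": True, "No": False}
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    severity: str
    cvss: float
    public: bool
    exploited: bool
    kind: str
    starred: bool  # "*" after the CVE id; the page does not say what it marks

def parse_row(line):
    """Parse one pipe-delimited row; raise ValueError if it is malformed."""
    cells = [c.strip() for c in line.strip().rstrip("|").split("|")]
    if len(cells) != 7:
        raise ValueError(f"expected 7 columns, got {len(cells)}: {line!r}")
    cve, title, severity, cvss, public, exploited, kind = cells
    starred = cve.endswith("*")
    cve = cve.rstrip("* ")
    if (not CVE_RE.match(cve) or severity not in SEVERITY_RANK
            or public not in YES_NO or exploited not in YES_NO):
        raise ValueError(f"unexpected field value: {line!r}")
    return Advisory(cve, title, severity, float(cvss),
                    YES_NO[public], YES_NO[exploited], kind, starred)

def triage(text):
    """Order rows for patching: tier 0 exploited, tier 1 public, tier 2 the rest
    (assumed policy); within a tier, higher CVSS first, then severity."""
    rows = [parse_row(l) for l in text.splitlines() if l.strip() and not l.startswith("CVE |")]
    return sorted(rows, key=lambda a: (0 if a.exploited else 1 if a.public else 2,
                                       -a.cvss, SEVERITY_RANK[a.severity], a.cve))

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(f"{a.cve:<15} {a.severity:<9} {a.cvss:>4} exploited={a.exploited}")
```

Under this policy the Moderate-rated SmartScreen bypass sorts ahead of every unexploited Critical entry, which is the point of ranking on exploitation status before severity.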
Let’s look at CVE-2023-23397 for one second. Even though technically a spoofing bug, experts consider the result of this vulnerability to be an authentication bypass.
Thus, it allows a remote, unauthenticated attacker to access a user’s Net-NTLMv2 hash just by sending a specially crafted e-mail to an affected system.
CVE-2023-23392 could actually allow a remote, unauthenticated attacker to execute code at system level without user interaction.
That combination makes this bug wormable, at least through systems that meet the target requirements: the target system needs to have HTTP/3 enabled and set to use buffered I/O.
There’s a CVSS 9.8 bug in RPC Runtime that also has some wormable potential. That being said, unlike ICMP, it is a good idea to block RPC traffic (specifically TCP port 135) at the perimeter.
Also, there are a fair number of Elevation of Privilege (EoP) bugs receiving patches this month, and the majority of these require the attacker to execute their code on a target to escalate privileges.
Moving on to the information disclosure vulnerabilities receiving patches this month, the vast majority simply result in info leaks consisting of unspecified memory contents.
However, there are a couple of exceptions. The bug in Microsoft Dynamics 365 could leak a verbose error message that attackers could use to create malicious payloads.
And, the two bugs in OneDrive for Android could leak certain Android/local URIs that OneDrive can access.
Once again, you will most likely need to get this patch from the Google Play store if you haven’t configured automatic app updates.
We have to point out that there are three additional DoS fixes released this month. There’s no additional info about the patches for Windows Secure Channel or the Internet Key Exchange (IKE) Extension.
On that note, we can expect a successful exploit of these bugs to interfere with authentication processes, so make sure you keep that in mind at all times.
Feel free to check each individual CVE and find out more about what it means, how it manifests, and what scenarios malicious third parties can use to exploit it.
Have you found any other issues after installing this month’s security updates? Share your experience with us in the comments section below.