Microsoft addressed 74 CVEs through the 2023 March Patch Tuesday

by Alexandru Poloboc


Spring is officially here, but not everything comes down to flowers and baby rabbits. There are those who eagerly await Microsoft’s Patch Tuesday rollout.

And, as you know, it’s the second Tuesday of the month, which means that Windows users are looking towards the tech giant in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We have already taken the liberty of providing the direct download links for the cumulative updates released today for Windows 7, 8.1, 10, and 11, but now it’s time to talk CVEs again.

For March, Microsoft released 74 new patches, one less than last month, which is still more than some people were expecting for the third month of 2023.

These software updates address CVEs in:

  • Windows and Windows components
  • Office and Office Components
  • Exchange Server
  • .NET Core and Visual Studio Code
  • 3D Builder and Print 3D
  • Microsoft Azure and Dynamics 365
  • Defender for IoT and the Malware Protection Engine
  • Microsoft Edge (Chromium-based)

You probably want to know more on the matter, so let’s dive right into it and see what all the fuss is about this month.

74 new patches released to fix serious security issues

Let’s just say that February was far from being a busy month for Microsoft, and still, they managed to release a total of 75 updates.

However, it seems that the situation isn’t getting any better, since the tech giant released only one less update this month, for a total of 74.

Please keep in mind that, out of all the patches released today, six are rated Critical, 67 are rated Important, and only one is rated Moderate in severity.

Furthermore, remember that this is one of the largest volumes we’ve seen from Microsoft for a March release in quite some time.

We have to say that it is a bit unusual to see half of the Patch Tuesday release address remote code execution (RCE) bugs.

It’s important to be aware that two of the new CVEs are listed as under active attack at the time of release with one of those also being listed as publicly known.

That being said, let’s take a closer look at some of the more interesting updates for this month, starting with the bugs under active attack.

| CVE | Title | Severity | CVSS | Public | Exploited | Type |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Important | 9.1 | No | Yes | Spoofing |
| CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate | 5.4 | Yes | Yes | SFB |
| CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
| CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical | 6.5 | No | No | DoS |
| CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2023-1017 | * CERT/CC: TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | EoP |
| CVE-2023-1018 | * CERT/CC: TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | EoP |
| CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-22490 | * GitHub: CVE-2023-22490 Local clone-based data exfiltration with non-local transports | Important | 5.5 | No | No | Info |
| CVE-2023-22743 | * GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability | Important | 7.2 | No | No | EoP |
| CVE-2023-23618 | * GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability | Important | 8.6 | No | No | RCE |
| CVE-2023-23946 | * GitHub: CVE-2023-23946 Git path traversal vulnerability | Important | 6.2 | No | No | EoP |
| CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | Important | 6.3 | No | No | EoP |
| CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing |
| CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
| CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
| CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
| CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
| CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 4.1 | No | No | XSS |
| CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | Important | 5.5 | No | No | DoS |
| CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-23398 | Microsoft Excel Security Feature Bypass Vulnerability | Important | 7.1 | No | No | SFB |
| CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Important | 4.3 | No | No | SFB |
| CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP |
| CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-23391 | Office for Android Spoofing Vulnerability | Important | 5.5 | No | No | Spoofing |
| CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE |
| CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE |
| CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE |
| CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | Important | 8.2 | No | No | Spoofing |
| CVE-2023-23395 | SharePoint Open Redirect Vulnerability | Important | 3.1 | No | No | Spoofing |
| CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP |
| CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE |
| CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE |
| CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Important | 5.5 | No | No | DoS |
| CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | Important | 4.5 | No | No | Spoofing |
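
A triage pass over the table above, as an added example that is not part of the original article: it parses rows in the table's column order and puts actively exploited entries first, then publicly known ones, then sorts by CVSS, so the Moderate 5.4 SmartScreen bug is not buried under unexploited 9.8s. The ranking rule and the names `parse_row` and `triage` are assumptions of this example.

```python
import re

# A subset of rows copied from the table above; pipe-delimited rows parse too.
SAMPLE_ROWS = """\
CVE-2023-23397 Microsoft Outlook Elevation of Privilege Vulnerability Important 9.1 No Yes Spoofing
CVE-2023-24880 Windows SmartScreen Security Feature Bypass Vulnerability Moderate 5.4 Yes Yes SFB
CVE-2023-23392 HTTP Protocol Stack Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-1017 * CERT/CC: TPM2.0 Module Library Elevation of Privilege Vulnerability Critical 8.8 No No EoP
CVE-2023-23393 Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-23395 SharePoint Open Redirect Vulnerability Important 3.1 No No Spoofing
"""

# Titles contain spaces, so the fixed-vocabulary columns on the right anchor the match.
ROW = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d+)\s+(?P<star>\*\s+)?(?P<title>.+?)\s+"
    r"(?P<severity>Critical|Important|Moderate|Low)\s+(?P<cvss>\d+(?:\.\d+)?)\s+"
    r"(?P<public>Yes|No)\s+(?P<exploited>Yes|No)\s+(?P<type>\S+)$"
)

def parse_row(line):
    """Return one table row as a dict, or None for headers, separators and prose."""
    m = ROW.match(" ".join(line.replace("|", " ").split()))
    if not m:
        return None
    d = m.groupdict()
    return {
        "cve": d["cve"], "title": d["title"], "severity": d["severity"],
        "cvss": float(d["cvss"]), "type": d["type"],
        "public": d["public"] == "Yes", "exploited": d["exploited"] == "Yes",
        "starred": d["star"] is not None,  # row is marked with * in the table
    }

def triage(text):
    """Order rows: exploited, then publicly known, then the rest; CVSS descending in each tier."""
    rows = [r for r in map(parse_row, text.splitlines()) if r]
    tier = lambda r: 0 if r["exploited"] else 1 if r["public"] else 2
    return sorted(rows, key=lambda r: (tier(r), -r["cvss"]))

if __name__ == "__main__":
    for r in triage(SAMPLE_ROWS):
        flags = ",".join(f for f in ("exploited", "public") if r[f]) or "-"
        print(f'{r["cve"]:15} {r["cvss"]:>4} {r["severity"]:9} {r["type"]:8} {flags}')
```
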


Let’s look at CVE-2023-23397 for one second. Even though technically a spoofing bug, experts consider the result of this vulnerability to be an authentication bypass.

Thus, it allows a remote, unauthenticated attacker to access a user’s Net-NTLMv2 hash just by sending a specially crafted e-mail to an affected system.

CVE-2023-23392 could actually allow a remote, unauthenticated attacker to execute code at system level without user interaction.

That combination makes this bug wormable, at least across systems that meet the target requirements: the target system needs to have HTTP/3 enabled and be set to use buffered I/O.

There’s a CVSS 9.8 bug in RPC Runtime that also has some wormable potential. That being said, unlike ICMP, it is a good idea to block RPC traffic (specifically TCP port 135) at the perimeter.

Also, there’s a fair amount of Elevation of Privilege (EoP) bugs receiving patches this month, and the majority of these require the attacker to execute their code on a target to escalate privileges.

Moving on to the information disclosure vulnerabilities receiving patches this month, the vast majority simply result in info leaks consisting of unspecified memory contents.

However, there are a couple of exceptions. The bug in Microsoft Dynamics 365 could leak a verbose error message that attackers could use to create malicious payloads.

And, the two bugs in OneDrive for Android could leak certain Android/local URIs that OneDrive can access.

Once again, you will most likely need to get this patch from the Google Play store if you haven’t configured automatic app updates.

We have to point out that there are three additional DoS fixes released this month. There’s no additional info about the patches for Windows Secure Channel or the Internet Key Exchange (IKE) Extension.

On that note, we can expect a successful exploit of these bugs to interfere with authentication processes, so make sure you keep that in mind at all times.

Feel free to check each individual CVE and find out more about what it means, how it manifests, and what scenarios malicious third parties can use to exploit it.

Have you found any other issues after installing this month’s security updates? Share your experience with us in the comments section below.
