The Microsoft March 2023 Security Updates include patches and advisories for 101 vulnerabilities, including 9 Critical severity issues and two zero-days exploited in the wild.
A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.
In all, the Microsoft monthly security updates fix vulnerabilities in the following products, features and roles:
- Client Server Run-time Subsystem (CSRSS)
- Internet Control Message Protocol (ICMP)
- Microsoft Bluetooth Driver
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft OneDrive
- Microsoft PostScript Printer Driver
- Microsoft Printer Drivers
- Microsoft Windows Codecs Library
- Office for Android
- Remote Access Service Point-to-Point Tunneling Protocol
- Role: DNS Server
- Role: Windows Hyper-V
- Service Fabric
- Visual Studio
- Windows Accounts Control
- Windows Bluetooth Service
- Windows Central Resource Manager
- Windows Cryptographic Services
- Windows Defender
- Windows HTTP Protocol Stack
- Windows HTTP.sys
- Windows Internet Key Exchange (IKE) Protocol
- Windows Kernel
- Windows Partition Management Driver
- Windows Point-to-Point Protocol over Ethernet (PPPoE)
- Windows Remote Procedure Call
- Windows Remote Procedure Call Runtime
- Windows Resilient File System (ReFS)
- Windows Secure Channel
- Windows SmartScreen
- Windows TPM
- Windows Win32K
Microsoft patched two zero-day vulnerabilities on March 14, 2023 that were reported as exploited in the wild:
- CVE-2023-23397 (CVSS 9.8): Microsoft Outlook Elevation of Privilege Vulnerability
- CVE-2023-24880 (CVSS 5.4): Windows SmartScreen Security Feature Bypass Vulnerability.
According to Microsoft, an attacker who successfully exploited the Critically rated CVE-2023-23397 “could access a user’s Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.”
“External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers’ control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim,” Microsoft added.
Bleeping Computer also wrote that a Russian hacking group (also tracked as APT28, STRONTIUM, Sednit, Sofacy, and Fancy Bear) has been exploiting CVE-2023-23397 in targeted attacks against European organizations since April 2022.
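A defender-side check for the behaviour Microsoft describes above (a victim host connecting out to an attacker-controlled UNC location), added here as an example and not taken from Microsoft or the original article: it scans flow logs for internal hosts reaching SMB ports on external addresses. The CSV log layout, the internal ranges and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumption: internal address space for this site; adjust to local networks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORTS = {445, 139}  # SMB direct and SMB over the NetBIOS session service

# Constructed sample flow log, not real traffic. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for Internet hosts.
SAMPLE_LOG = """\
time,src,dst,dport,proto,action
2023-03-15T09:01:12Z,10.1.4.23,10.1.0.5,445,tcp,allow
2023-03-15T09:01:40Z,10.1.4.23,203.0.113.77,445,tcp,allow
2023-03-15T09:02:03Z,10.1.7.8,198.51.100.9,443,tcp,allow
2023-03-15T09:02:30Z,10.1.7.8,203.0.113.77,445,tcp,deny
2023-03-15T09:03:10Z,192.168.20.14,198.51.100.200,139,tcp,allow
2023-03-15T09:03:11Z,bad-row,198.51.100.200,445,tcp,allow
"""


def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in INTERNAL_NETS)


def find_external_smb(log_text):
    """Return flows where an internal host tried SMB to an external address."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            if row["proto"].lower() != "tcp" or int(row["dport"]) not in SMB_PORTS:
                continue
            if not is_internal(row["src"]) or is_internal(row["dst"]):
                continue
            hits.append({"time": row["time"], "src": row["src"],
                         "dst": row["dst"], "blocked": row["action"] == "deny"})
        except (ValueError, KeyError, AttributeError, TypeError):
            continue  # malformed row: skip it rather than abort the scan
    return hits


def exposed_hosts(hits):
    """Sources whose SMB flow was allowed out, so authentication may have left."""
    return sorted({h["src"] for h in hits if not h["blocked"]})


if __name__ == "__main__":
    for hit in find_external_smb(SAMPLE_LOG):
        print(hit)
```

A denied hit still matters: the host attempted the connection, so the message that triggered it is worth locating even though egress filtering stopped the authentication.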
Regarding CVE-2023-24880, Microsoft warns that “an attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”
CISA also added each of these two zero-days to its Known Exploited Vulnerabilities Catalog and wrote “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.”
In addition, Microsoft patched the following five (5) Critical Remote Code Execution (RCE) vulnerabilities (along with CVSS score) on March 14, 2023:
- CVE-2023-21708 (CVSS 9.8): Remote Procedure Call Runtime Remote Code Execution Vulnerability
- CVE-2023-23392 (CVSS 9.8): HTTP Protocol Stack Remote Code Execution Vulnerability
- CVE-2023-23404 (CVSS 8.1): Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2023-23415 (CVSS 9.8): Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
- CVE-2023-23416 (CVSS 8.4): Windows Cryptographic Services Remote Code Execution Vulnerability.
Microsoft confirmed that three of the Critical RCE vulnerabilities (CVE-2023-23392, CVE-2023-23415, and CVE-2023-23416) were each likely to be exploited, so they should be prioritized for patching.
Other Critical CVEs
Microsoft also fixed a denial of service (DoS) vulnerability, CVE-2023-23411 (CVSS 6.5). Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.
Moreover, the tech giant addressed two other Critical Elevation of Privilege Vulnerabilities:
- CVE-2023-1017 (CVSS 8.8): TPM2.0 Module Library Elevation of Privilege Vulnerability
- CVE-2023-1018 (CVSS 8.8): TPM2.0 Module Library Elevation of Privilege Vulnerability
Each of these issues was less likely to be exploited.
Other Important CVEs
Finally, Microsoft addressed multiple other vulnerabilities in multiple products on March 14, 2023.
The patched issues rated Important in severity include Denial of Service (3), Elevation of Privilege (18), Information Disclosure (15), Remote Code Execution (22), Security Feature Bypass (8), and Spoofing (2) vulnerabilities.
The monthly update also covers 21 Moderate-rated Microsoft Edge (Chromium-based) patches released on March 13.