The March 2023 Patch Tuesday report is out, and it’s packed with important security updates. Microsoft released 80 fixes, 9 of which are rated as critical. This month’s Patch Tuesday is important for IT professionals and system administrators, as it includes two zero-day vulnerabilities and 83 flaws that need to be addressed.
These vulnerabilities could potentially allow attackers to gain unauthorized access to sensitive information, execute malicious code, or cause a denial-of-service condition. It is recommended that users apply these updates as soon as possible to avoid potential exploitation.
In this blog post, we’ll discuss the latest March 2023 Patch Tuesday report from Microsoft and the most important updates. We’ll also provide some tips on how to make sure your systems are up-to-date with the latest security patches.
So let’s dive in and take a closer look at what this month’s Patch Tuesday has to offer!
Microsoft released the March 2023 Patch Tuesday on 14th March. Let’s see the summary of the report:
Microsoft’s March 2023 Patch Tuesday release was a big one, with 80 vulnerabilities across the company’s hardware and software line. Of these, 9 were rated as critical, 70 as important, and 1 as moderate.
The most notable of these vulnerabilities included two zero-day flaws that were actively being exploited in Outlook and SmartScreen. Microsoft also released an update for Windows 8.1 users to remind them that the operating system had reached end of support on January 10th, 2023.
The March 2023 update includes fixes for two zero-day vulnerabilities, which are actively being exploited in the wild.
Out of 9 Critical vulnerabilities, 5 are Remote Code Execution vulnerabilities, 3 are Privilege Escalation, and one is Denial of Service.
The products covered in the March security update include Microsoft Windows, Office, Azure, Microsoft System Center, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Visual Studio, Microsoft Edge, and many Developer Tools.
The update also includes non-security updates: the Windows 11 KB5023706 and KB5023698 cumulative updates and the Windows 10 KB5023696 and KB5023697 updates.
Here’s a table showing the number of bugs in each vulnerability category:
Vulnerability Category | Number of Bugs |
---|---|
Remote Code Execution | 27 |
Elevation of Privilege | 21 |
Information Disclosure | 15 |
Spoofing | 10 |
Denial of Service | 4 |
Security Feature Bypass | 2 |
Edge – Chromium Vulnerability | 1 |
The table provides information about the number of bugs in different categories of vulnerabilities. It shows that there are 21 Elevation of Privilege vulnerabilities, 2 Security Feature Bypass vulnerabilities, 27 Remote Code Execution vulnerabilities, 15 Information Disclosure vulnerabilities, 4 Denial of Service vulnerabilities, 10 Spoofing vulnerabilities, and 1 Edge-Chromium vulnerability.
The term “zero-day” refers to the fact that developers have zero days to fix the issue before attackers can take advantage of it. These are considered the most dangerous since they are exploited before patches are released. Microsoft announced that it had fixed two zero-day vulnerabilities being exploited in the wild.
CVE ID | Vulnerable Product/Application | Vulnerability Type |
---|---|---|
CVE-2023-23397 | Microsoft Outlook | Elevation of Privilege |
CVE-2023-24880 | Windows SmartScreen | Security Features Bypass |
If you are a Microsoft Outlook user, you need to be aware of a newly discovered vulnerability that can compromise your system. CVE-2023-23397 is an elevation of privilege vulnerability that allows attackers to access a user’s Net-NTLMv2 hash, which can be used to carry out an NTLM Relay attack against another service to authenticate as the user.
This vulnerability can be exploited with a low-complexity attack: the attacker sends a specially crafted email that causes the victim's client to connect to an external UNC location under the attacker's control. The connection is triggered automatically when the email is retrieved and processed by the Outlook client, allowing the attacker to access the Net-NTLMv2 hash before the email is even viewed in the Preview Pane.
The consequences of this vulnerability can be severe, as it allows attackers to authenticate as the user and gain access to sensitive information. This can be a severe threat to individuals and organizations that use Outlook for their daily operations. Active exploitation of this vulnerability has been detected, and it is crucial to take immediate action to prevent any further damage.
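Because the hash leaks when the client connects to an external UNC location, outbound SMB to addresses outside the organisation is a practical detection signal. The following is an added example, not part of the original post: it scans firewall records for such connections. The log lines are constructed samples in the Windows Firewall log layout, and the internal address ranges and function names are assumptions.

```python
import ipaddress

# Assumption: ranges treated as internal; replace with your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
SMB_PORTS = {"445", "139"}

# Constructed sample records (not real traffic), Windows Firewall log layout.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-03-15 09:12:40 ALLOW TCP 10.1.4.23 10.1.0.5 49820 445 0 - 0 0 0 - - - SEND
2023-03-15 09:12:44 ALLOW TCP 10.1.4.23 203.0.113.50 49822 445 0 - 0 0 0 - - - SEND
2023-03-15 09:12:45 ALLOW TCP 10.1.4.23 198.51.100.7 49823 443 0 - 0 0 0 - - - SEND
2023-03-15 09:13:02 DROP TCP 10.1.4.31 203.0.113.50 50110 445 0 - 0 0 0 - - - SEND
2023-03-15 09:13:10 ALLOW UDP 10.1.4.23 10.1.0.2 53011 53 0 - - - - - - - SEND
"""

def is_internal(addr):
    """True if addr falls inside one of the configured internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_records(text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line.strip() and not line.startswith("#"):
            values = line.split()
            if len(values) >= len(fields):
                yield dict(zip(fields, values))

def external_smb_connections(text):
    """Return outbound TCP SMB records whose destination is not internal."""
    hits = []
    for rec in parse_records(text):
        if rec.get("protocol") != "TCP" or rec.get("dst-port") not in SMB_PORTS:
            continue
        if rec.get("path", "SEND") != "SEND":
            continue  # only outbound traffic is relevant here
        try:
            if is_internal(rec["dst-ip"]):
                continue
        except (KeyError, ValueError):
            continue  # malformed or missing address: skip the record
        hits.append({
            "time": f'{rec["date"]} {rec["time"]}',
            "src": rec["src-ip"],
            "dst": rec["dst-ip"],
            "port": rec["dst-port"],
            # ALLOW means the connection left the network and the hash may
            # have been exposed; DROP means egress filtering stopped it.
            "blocked": rec["action"] == "DROP",
        })
    return hits

if __name__ == "__main__":
    for hit in external_smb_connections(SAMPLE_LOG):
        state = "blocked" if hit["blocked"] else "ALLOWED"
        print(f'{hit["time"]} {hit["src"]} -> {hit["dst"]}:{hit["port"]} {state}')
```

An allowed hit is the case to investigate first; a blocked hit still shows that the source host processed something that tried to reach an external SMB server.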
Another critical vulnerability that has been recently discovered is CVE-2023-24880, a Windows SmartScreen Security Feature Bypass Vulnerability. Microsoft has confirmed that this vulnerability is being actively exploited in the wild, and it is essential to take immediate action to prevent any further damage.
SmartScreen is a Windows security feature that helps protect users from downloading files from unreliable sources. When a user tries to download a file from the Internet, Windows adds a hidden tag called the Mark of the Web (MOTW) to the file. This feature restricts the capability and usage of files with the MOTW tag.
This vulnerability can be exploited by crafting a malicious file to bypass the Mark of the Web (MOTW) defenses. Attackers can use this vulnerability to bypass the SmartScreen feature and download malicious files to your system.
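On NTFS the MOTW tag is stored in an alternate data stream named `Zone.Identifier` attached to the file. The following is an added example, not part of the original post: it parses that stream so that downloaded files with a missing or unusable tag can be identified. The sample stream contents are constructed, and the function names and classification labels are assumptions.

```python
import configparser

# Zone numbers used in the ZoneId field of the stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed samples of stream contents (not taken from real files).
SAMPLE_INTERNET = ("[ZoneTransfer]\nZoneId=3\n"
                   "ReferrerUrl=https://example.com/downloads/\n"
                   "HostUrl=https://example.com/downloads/tool%20v2.zip\n")
SAMPLE_INTRANET = "[ZoneTransfer]\nZoneId=1\n"
SAMPLE_MALFORMED = "[ZoneTransfer]\nZoneId=not-a-number\n"

def parse_zone_identifier(text):
    """Parse Zone.Identifier stream text; return a dict, or None if unusable."""
    # interpolation=None so that '%' in URLs is kept literally.
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(text.lstrip("\ufeff"))
        zone_id = int(cp.get("ZoneTransfer", "ZoneId"))
    except (configparser.Error, ValueError):
        return None  # no section, no ZoneId, or a non-numeric value
    if zone_id not in ZONES:
        return None
    return {
        "zone_id": zone_id,
        "zone": ZONES[zone_id],
        "host_url": cp.get("ZoneTransfer", "HostUrl", fallback=None),
        "referrer_url": cp.get("ZoneTransfer", "ReferrerUrl", fallback=None),
    }

def read_motw(path):
    """Read the tag of a file on NTFS; None if the stream is absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None  # no stream, no such file, or not an NTFS volume

def classify(motw):
    """Label a parsed tag for triage of a downloads folder."""
    if motw is None:
        return "no-motw"       # such a file is not treated as downloaded
    if motw["zone_id"] >= 3:
        return "untrusted"     # Internet or Restricted sites
    return "trusted-zone"

if __name__ == "__main__":
    for name, text in (("internet", SAMPLE_INTERNET),
                       ("intranet", SAMPLE_INTRANET),
                       ("malformed", SAMPLE_MALFORMED)):
        print(name, classify(parse_zone_identifier(text)))
```

Files that arrived from the Internet but classify as `no-motw` are the ones worth reviewing, since the restrictions described above only apply to tagged files.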
The severity of the identified vulnerabilities is expressed as a CVSS score. CVSS is a scale from 0 to 10, where 0 is the least severe and 10 is the most severe vulnerability. Each vulnerability is assigned a CVSS score between 0.0 and 10.0 depending on several factors, including the attack vector, the attack complexity, and the impact on confidentiality, integrity, and availability. Vulnerabilities with a CVSS score between 0 and 4 are labeled ‘Low’ severity. Vulnerabilities with a CVSS score between 4 and 7 are labeled ‘Medium’ severity. Similarly, vulnerabilities with a CVSS score between 7 and 8 are labeled ‘High’ severity, and a CVSS score between 9 and 10 is ‘Critical’ in severity.
The below table lists the vulnerabilities considered Critical in severity.
CVE ID | CVE Title |
---|---|
CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability |
CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability |
CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability |
CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability |
CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability |
CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability |
You can download the complete list of the patched vulnerabilities from the official Microsoft security updates sheet.
CVE ID | Severity | CVE Title | Tag |
---|---|---|---|
CVE-2023-23408 | Important | Azure Apache Ambari Spoofing Vulnerability | Azure |
CVE-2023-23409 | Important | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Client Server Run-time Subsystem (CSRSS) |
CVE-2023-23394 | Important | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Client Server Run-time Subsystem (CSRSS) |
CVE-2023-23415 | Critical | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Internet Control Message Protocol (ICMP) |
CVE-2023-0567 | Unknown | Unknown | Mariner |
CVE-2023-20052 | Unknown | Unknown | Mariner |
CVE-2023-20032 | Unknown | Unknown | Mariner |
CVE-2023-23388 | Important | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Microsoft Bluetooth Driver |
CVE-2023-24920 | Important | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics |
CVE-2023-24879 | Important | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics |
CVE-2023-24919 | Important | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics |
CVE-2023-24891 | Important | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics |
CVE-2023-24922 | Important | Microsoft Dynamics 365 Information Disclosure Vulnerability | Microsoft Dynamics |
CVE-2023-24921 | Important | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics |
CVE-2023-1236 | Unknown | Chromium: CVE-2023-1236 Inappropriate implementation in Internals | Microsoft Edge (Chromium-based) |
CVE-2023-1235 | Unknown | Chromium: CVE-2023-1235 Type Confusion in DevTools | Microsoft Edge (Chromium-based) |
CVE-2023-1213 | Unknown | Chromium: CVE-2023-1213 Use after free in Swiftshader | Microsoft Edge (Chromium-based) |
CVE-2023-24892 | Important | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Microsoft Edge (Chromium-based) |
CVE-2023-1234 | Unknown | Chromium: CVE-2023-1234 Inappropriate implementation in Intents | Microsoft Edge (Chromium-based) |
CVE-2023-1223 | Unknown | Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill | Microsoft Edge (Chromium-based) |
CVE-2023-1222 | Unknown | Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API | Microsoft Edge (Chromium-based) |
CVE-2023-1221 | Unknown | Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API | Microsoft Edge (Chromium-based) |
CVE-2023-1229 | Unknown | Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts | Microsoft Edge (Chromium-based) |
CVE-2023-1228 | Unknown | Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents | Microsoft Edge (Chromium-based) |
CVE-2023-1224 | Unknown | Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API | Microsoft Edge (Chromium-based) |
CVE-2023-1220 | Unknown | Chromium: CVE-2023-1220 Heap buffer overflow in UMA | Microsoft Edge (Chromium-based) |
CVE-2023-1216 | Unknown | Chromium: CVE-2023-1216 Use after free in DevTools | Microsoft Edge (Chromium-based) |
CVE-2023-1215 | Unknown | Chromium: CVE-2023-1215 Type Confusion in CSS | Microsoft Edge (Chromium-based) |
CVE-2023-1214 | Unknown | Chromium: CVE-2023-1214 Type Confusion in V8 | Microsoft Edge (Chromium-based) |
CVE-2023-1219 | Unknown | Chromium: CVE-2023-1219 Heap buffer overflow in Metrics | Microsoft Edge (Chromium-based) |
CVE-2023-1218 | Unknown | Chromium: CVE-2023-1218 Use after free in WebRTC | Microsoft Edge (Chromium-based) |
CVE-2023-1217 | Unknown | Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting | Microsoft Edge (Chromium-based) |
CVE-2023-1230 | Unknown | Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs | Microsoft Edge (Chromium-based) |
CVE-2023-1232 | Unknown | Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing | Microsoft Edge (Chromium-based) |
CVE-2023-1233 | Unknown | Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing | Microsoft Edge (Chromium-based) |
CVE-2023-1231 | Unknown | Chromium: CVE-2023-1231 Inappropriate implementation in Autofill | Microsoft Edge (Chromium-based) |
CVE-2023-24910 | Important | Windows Graphics Component Elevation of Privilege Vulnerability | Microsoft Graphics Component |
CVE-2023-23398 | Important | Microsoft Excel Spoofing Vulnerability | Microsoft Office Excel |
CVE-2023-23396 | Important | Microsoft Excel Denial of Service Vulnerability | Microsoft Office Excel |
CVE-2023-23399 | Important | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel |
CVE-2023-23397 | Critical | Microsoft Outlook Elevation of Privilege Vulnerability | Microsoft Office Outlook |
CVE-2023-23395 | Important | Microsoft SharePoint Server Spoofing Vulnerability | Microsoft Office SharePoint |
CVE-2023-24890 | Important | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Microsoft OneDrive |
CVE-2023-24930 | Important | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Microsoft OneDrive |
CVE-2023-24882 | Important | Microsoft OneDrive for Android Information Disclosure Vulnerability | Microsoft OneDrive |
CVE-2023-24923 | Important | Microsoft OneDrive for Android Information Disclosure Vulnerability | Microsoft OneDrive |
CVE-2023-24907 | Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24857 | Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24868 | Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24872 | Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24876 | Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24913 | Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24864 | Important | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24866 | Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24906 | Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24867 | Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24863 | Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24858 | Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24911 | Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24870 | Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24909 | Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-23406 | Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-23413 | Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24856 | Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft PostScript Printer Driver |
CVE-2023-24865 | Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Microsoft Printer Drivers |
CVE-2023-23403 | Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Microsoft Printer Drivers |
CVE-2023-23401 | Important | Windows Media Remote Code Execution Vulnerability | Microsoft Windows Codecs Library |
CVE-2023-23402 | Important | Windows Media Remote Code Execution Vulnerability | Microsoft Windows Codecs Library |
CVE-2023-23391 | Important | Office for Android Spoofing Vulnerability | Office for Android |
CVE-2023-23404 | Critical | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Remote Access Service Point-to-Point Tunneling Protocol |
CVE-2023-23400 | Important | Windows DNS Server Remote Code Execution Vulnerability | Role: DNS Server |
CVE-2023-23411 | Critical | Windows Hyper-V Denial of Service Vulnerability | Role: Windows Hyper-V |
CVE-2023-23383 | Important | Service Fabric Explorer Spoofing Vulnerability | Service Fabric |
CVE-2023-23618 | Important | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability | Visual Studio |
CVE-2023-22743 | Important | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability | Visual Studio |
CVE-2023-23946 | Important | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability | Visual Studio |
CVE-2023-22490 | Important | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability | Visual Studio |
CVE-2023-23412 | Important | Windows Accounts Picture Elevation of Privilege Vulnerability | Windows Accounts Control |
CVE-2023-24871 | Important | Windows Bluetooth Service Remote Code Execution Vulnerability | Windows Bluetooth Service |
CVE-2023-23393 | Important | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Windows Central Resource Manager |
CVE-2023-23416 | Critical | Windows Cryptographic Services Remote Code Execution Vulnerability | Windows Cryptographic Services |
CVE-2023-23389 | Important | Microsoft Defender Elevation of Privilege Vulnerability | Windows Defender |
CVE-2023-23392 | Critical | HTTP Protocol Stack Remote Code Execution Vulnerability | Windows HTTP Protocol Stack |
CVE-2023-23410 | Important | Windows HTTP.sys Elevation of Privilege Vulnerability | Windows HTTP.sys |
CVE-2023-24859 | Important | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Windows Internet Key Exchange (IKE) Protocol |
CVE-2023-23420 | Important | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel |
CVE-2023-23422 | Important | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel |
CVE-2023-23421 | Important | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel |
CVE-2023-23423 | Important | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel |
CVE-2023-23417 | Important | Windows Partition Management Driver Elevation of Privilege Vulnerability | Windows Partition Management Driver |
CVE-2023-23407 | Important | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Windows Point-to-Point Protocol over Ethernet (PPPoE) |
CVE-2023-23385 | Important | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Windows Point-to-Point Protocol over Ethernet (PPPoE) |
CVE-2023-23414 | Important | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Windows Point-to-Point Protocol over Ethernet (PPPoE) |
CVE-2023-21708 | Critical | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Windows Remote Procedure Call |
CVE-2023-23405 | Important | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Windows Remote Procedure Call Runtime |
CVE-2023-24869 | Important | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Windows Remote Procedure Call Runtime |
CVE-2023-24908 | Important | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Windows Remote Procedure Call Runtime |
CVE-2023-23419 | Important | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Windows Resilient File System (ReFS) |
CVE-2023-23418 | Important | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Windows Resilient File System (ReFS) |
CVE-2023-24862 | Important | Windows Secure Channel Denial of Service Vulnerability | Windows Secure Channel |
CVE-2023-24880 | Moderate | Windows SmartScreen Security Feature Bypass Vulnerability | Windows SmartScreen |
CVE-2023-1017 | Critical | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability | Windows TPM |
CVE-2023-1018 | Critical | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability | Windows TPM |
CVE-2023-24861 | Important | Windows Graphics Component Elevation of Privilege Vulnerability | Windows Win32K |
We hope this post helps you understand the March 2023 Patch Tuesday report published by Microsoft on 14th March 2023. Please share this post and help to secure the digital world.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.