Microsoft released security patches for 75 vulnerabilities (9 critical, 66 important, 1 moderate), including 2 actively exploited zero-days. Patch ASAP!
Microsoft patched 76 CVEs in its March 2023 Patch Tuesday release, 9 rated as critical and 66 rated as important.
Number of CVEs by type:
- 25 Remote Code Execution vulnerabilities
- 20 Elevation of Privilege vulnerabilities
- 14 Information Disclosure vulnerabilities
- 11 Spoofing vulnerabilities
- 4 Denial of Service vulnerabilities
- 2 Security Feature Bypass vulnerabilities
Sources
https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar
Risks
Microsoft's March Patch Tuesday includes 9 critical and 66 important vulnerabilities for a wide range of Microsoft products and technologies.
Microsoft reported two zero-day vulnerabilities that are actively exploited: CVE-2023-23397 (Microsoft Outlook Elevation of Privilege) and CVE-2023-24880 (Windows SmartScreen Security Feature Bypass).
Microsoft fixed three critical Remote Code Execution (RCE) vulnerabilities in the Windows operating systems: CVE-2023-23416 in the Windows Cryptographic Services, CVE-2023-23415 in the Internet Control Message Protocol (ICMP) handling, and CVE-2023-23392 in the HTTP Protocol Stack.
Three critical Remote Code Execution (RCE) vulnerabilities in the Microsoft Protected Extensible Authentication Protocol (PEAP) have been fixed: CVE-2023-21689, CVE-2023-21690, and CVE-2023-21692.
Description
CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2023-23397 is an elevation of privilege in Microsoft Outlook for Windows. This vulnerability has a CVSSv3.1 score of 9.8 and is actively exploited. The exploit works by sending a malicious email to a victim with a vulnerable version of Outlook. No additional user interaction is required.
More information is available in our advisory for this vulnerability:
CVE-2023-24880 - Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-24880 is a vulnerability that allows an attacker to bypass the Windows SmartScreen security feature. This vulnerability has a CVSSv3.1 score of 5.4 and is actively exploited. To be exploited, a victim needs to open a malicious file on an affected version of Windows. The malicious file bypasses the Mark of the Web (MOTW) defences. The exploit is publicly available.
CVE-2023-23416 - Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2023-23416 is a vulnerability in the Windows operating systems involving Remote Code Execution (RCE). This vulnerability has a CVSSv3.1 score of 8.4. Exploitation requires a malicious certificate to be imported on the affected system. The exploit therefore requires local access to the machine, or tricking a user into installing the malicious certificate.
CVE-2023-23415 - Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
CVE-2023-23415 is a vulnerability in the Windows operating systems involving Remote Code Execution (RCE). This vulnerability has a CVSSv3.1 score of 9.8. An attacker could craft a packet to trigger this vulnerability against an application that is bound to a raw socket.
CVE-2023-23392 - HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2023-23392 is a vulnerability in the HTTP Protocol Stack in Microsoft operating systems that can lead to Remote Code Execution (RCE). This vulnerability has a CVSSv3.1 score of 9.8. A remote, unauthenticated attacker could send a malicious packet to a vulnerable target server. For a system to be vulnerable, it must have HTTP/3 enabled and use buffered I/O. Microsoft notes that HTTP/3 support is a new feature and must first be enabled with a registry key.
CVE-2023-21689, CVE-2023-21690, and CVE-2023-21692 - Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
These vulnerabilities have a CVSSv3.1 score of 9.8. There is no known exploit at the time of writing; however, Microsoft assesses exploitation as more likely. Microsoft Protected Extensible Authentication Protocol (PEAP) is only negotiated with the client if Network Policy Server (NPS) is running on the Windows Server and has a network policy configured that allows PEAP.
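As an added, read-only exposure check (not part of this advisory or of Microsoft's own tooling), the PowerShell below reports whether the two preconditions named above are present on a host: HTTP/3 enabled for HTTP.sys (CVE-2023-23392) and the NPS service running (the PEAP CVEs). The registry value name `EnableHttp3` and the service name `IAS` are assumptions; confirm them against Microsoft's documentation, and review the NPS network policies for PEAP manually.

```powershell
# Added example: read-only exposure check for the preconditions described in the
# advisory. Assumptions (not stated on the page): HTTP.sys reads the DWORD
# "EnableHttp3" under HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters,
# and the Network Policy Server service is registered under the name "IAS".

function Test-Http3Enabled {
    # Precondition for CVE-2023-23392: HTTP/3 must be switched on explicitly.
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
    $item = Get-ItemProperty -Path $path -Name 'EnableHttp3' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }   # value absent: HTTP/3 is off by default
    return ([int]$item.EnableHttp3 -eq 1)
}

function Test-NpsRunning {
    # Precondition for the PEAP CVEs: NPS must be running (and a policy must allow
    # PEAP, which this script does not inspect; review the NPS console for that).
    $svc = Get-Service -Name 'IAS' -ErrorAction SilentlyContinue   # assumed service name
    return ($null -ne $svc -and $svc.Status -eq 'Running')
}

function Get-PatchTuesdayExposure {
    # One row per host, suitable for collecting across a fleet before patching.
    [PSCustomObject]@{
        ComputerName = $env:COMPUTERNAME
        Http3Enabled = Test-Http3Enabled   # relevant to CVE-2023-23392
        NpsRunning   = Test-NpsRunning     # relevant to CVE-2023-21689/21690/21692
    }
}

Get-PatchTuesdayExposure | Format-List
```

A `$true` in either column means the host meets a stated precondition and should be prioritised for the update; `$false` does not remove the need to patch.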
Recommended Actions
The Centre for Cyber Security Belgium strongly recommends that Windows system administrators install the updates on vulnerable systems with the highest priority, after thorough testing.