Microsoft's latest Patch Tuesday is here - fixes numerous flaws, some 'critical'

Microsoft has just released its cumulative security update for March 2023, casually known as Patch Tuesday. 

In this month’s fix, the company addressed a total of 83 flaws, including nine critical vulnerabilities and two zero-day flaws that are being actively exploited in the wild.

Breaking the patch down, Microsoft said it addressed 21 elevation of privilege issues, 2 security feature bypass flaws, 27 remote code execution vulnerabilities, 4 denial of service flaws, 10 spoofing flaws, and one Microsoft Edge / Chromium flaw.

Fixing zero-days

But perhaps the most important fixes are two zero-day vulnerabilities: flaws that were previously undisclosed and abused without victims knowing how to address them.

This month’s zero-days include CVE-2023-23397, an elevation of privilege vulnerability found in Outlook, and CVE-2023-24880, a security feature bypass vulnerability found in Windows SmartScreen.

With the Outlook flaw, threat actors were creating emails that forced the target endpoint to connect to a remote URL and transmit the Windows account’s Net-NTLMv2 hash.

"External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control," Microsoft explained.

"This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim," the company added, saying that a known threat actor, STRONTIUM, was abusing this flaw.
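
Microsoft's description turns on a connection to an external UNC location, so one defensive check is to scan message fields for UNC paths whose server lies outside the organisation. The Python below is an added example, not code from Microsoft or from this article; the field names, the internal DNS suffix, the internal network list and the rule that single-label names are internal are all assumptions, and the sample values are constructed.

```python
import ipaddress
import re

# Assumptions: adjust both to the organisation's own namespace and address plan.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# \\server\rest ; the server may carry a WebDAV-style "@SSL" / "@port" suffix.
UNC_RE = re.compile(r'\\\\([^\\/\s@]+)((?:@\w+)*)[\\/]\S*')

def classify_host(host):
    """Return 'internal' or 'external' for the server part of a UNC path."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.lower().rstrip(".")
        if "." not in name:  # assumption: single-label names resolve locally
            return "internal"
        return "internal" if name.endswith(INTERNAL_SUFFIXES) else "external"
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"

def find_external_unc(fields):
    """Scan {field_name: text} taken from one message.

    Returns a list of (field, server, full_match) for every UNC path whose
    server is classified as external.
    """
    hits = []
    for field, value in fields.items():
        for m in UNC_RE.finditer(value):
            if classify_host(m.group(1)) == "external":
                hits.append((field, m.group(1), m.group(0)))
    return hits

# Constructed sample, not taken from a real message; field names are hypothetical.
SAMPLE = {
    "custom_property": r"\\203.0.113.7\share\alert.wav",
    "attachment_link": r"\\fs01.corp.example\public\agenda.docx",
    "body": r"See \\FILESRV\team\notes.txt and \\files.external.example@SSL@443\x\y",
}

if __name__ == "__main__":
    for field, server, path in find_external_unc(SAMPLE):
        print(f"{field}: external UNC server {server} in {path}")
```
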

The second zero-day, found in Windows SmartScreen, allowed hackers to bypass the Windows Mark of the Web warning. When a file is downloaded from the internet, it gets a “mark of the web” signaling that it might be malicious.

"An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging," Microsoft said.

Sead Fadilpašić