Welcome to our summary of the March 2023 Microsoft Patch Tuesday. We have tabulated the vulnerabilities that the latest patches from Microsoft address, so that you can easily export them for use in your vulnerability management program.

Rootshell users have already benefited from the platform’s Active Exploit Detection, which automatically alerts you to active exploits affecting issues within your estate.

Microsoft Patch Tuesday March 2023

Microsoft’s March 2023 Patch Tuesday announces fixes for 83 issues, including fixes for two actively exploited zero-day vulnerabilities. The Rootshell Platform has already alerted users whose estates contain these active exploits.

9 of the 83 vulnerabilities are rated Critical because they allow remote code execution, escalation of privileges, or denial of service.

This update contains 21 Elevation of Privilege Vulnerabilities, 2 Security Feature Bypass Vulnerabilities, 27 Remote Code Execution Vulnerabilities, 15 Information Disclosure Vulnerabilities, 4 Denial of Service Vulnerabilities, 10 Spoofing Vulnerabilities, and a Chromium Vulnerability affecting Microsoft Edge (not including the 21 MS Edge vulnerabilities addressed earlier this week).

Two Actively Exploited Zero-Day Vulnerabilities Fixed

The actively exploited and publicly disclosed zero-day vulnerabilities fixed in today’s updates are:

  • CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability

An external attacker could send a specially crafted email that causes the victim's machine to connect to an external UNC location under the attacker's control. This leaks the victim's Net-NTLMv2 hash to the attacker, who can then relay it to another service and authenticate as the victim.

  • CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability

An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defences, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
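For CVE-2023-23397, a defender reviewing mail items wants to know which UNC paths point outside the organisation. The following is an added example, not code from Rootshell or Microsoft: it classifies the host of a UNC path, including the `\\?\UNC\` long form, as internal or external. The internal DNS suffix, the internal address ranges and the sample values are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions: this organisation's internal DNS suffixes and address ranges.
INTERNAL_SUFFIXES = (".corp.example.com",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# \\host\share\... or the long form \\?\UNC\host\share\...
_UNC = re.compile(r"^[\\/]{2}(?:\?[\\/]UNC[\\/])?([^\\/?]+)[\\/]", re.IGNORECASE)

def unc_host(value):
    """Return the lower-cased host of a UNC path, or None if it is not one."""
    m = _UNC.match(value.strip())
    if not m:
        return None
    # Windows accepts a port/transport suffix after '@'; drop it.
    return m.group(1).split("@", 1)[0].lower()

def is_external(host):
    """True for an IP outside INTERNAL_NETS or a FQDN outside INTERNAL_SUFFIXES."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if "." not in host:          # single-label name: resolved locally
            return False
        return not host.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)

def flag_external_unc(values):
    """Return the values whose UNC host lies outside the organisation."""
    return [v for v in values
            if (h := unc_host(v)) is not None and is_external(h)]

# Constructed sample values standing in for path fields exported from mail items.
SAMPLES = [
    r"\\fileserver01\sounds\reminder.wav",
    r"\\files.corp.example.com\share\alert.wav",
    r"\\203.0.113.7\x\a.wav",
    r"\\?\UNC\files.example.net\s\a.wav",
    r"C:\Windows\Media\chimes.wav",
    r"\\10.1.2.3\share\a.wav",
]

if __name__ == "__main__":
    for v in flag_external_unc(SAMPLES):
        print("external UNC target:", v)
```

Any flagged value is a candidate for review alongside egress logs for the same host; how the path fields are exported from mailboxes is outside this example.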
