
Microsoft patched 80 CVEs in its March 2023 Patch Tuesday Release, with 9 rated as critical, 79 rated as important and one rated as moderate.
The vendor reported two actively exploited zero-day vulnerabilities, which we highlight later in this blog: an elevation of privilege in Microsoft Outlook (CVE-2023-23397), rated Critical, and a security feature bypass in Windows SmartScreen (CVE-2023-24880), rated Moderate.
This month’s update includes patches for:
- Azure
- Client Server Run-time Subsystem (CSRSS)
- Internet Control Message Protocol (ICMP)
- Microsoft Bluetooth Driver
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft OneDrive
- Microsoft PostScript Printer Driver
- Microsoft Printer Drivers
- Microsoft Windows Codecs Library
- Office for Android
- Remote Access Service Point-to-Point Tunnelling Protocol
- Role: DNS Server
- Role: Windows Hyper-V
- Service Fabric
- Visual Studio
- Windows Accounts Control
- Windows Bluetooth Service
- Windows Central Resource Manager
- Windows Cryptographic Services
- Windows Defender
- Windows HTTP Protocol Stack
- Windows HTTP.sys
- Windows Internet Key Exchange (IKE) Protocol
- Windows Kernel
- Windows Partition Management Driver
- Windows Point-to-Point Protocol over Ethernet (PPPoE)
- Windows Remote Procedure Call
- Windows Remote Procedure Call Runtime
- Windows Resilient File System (ReFS)
- Windows Secure Channel
- Windows SmartScreen
- Windows TPM
- Windows Win32K
Remote code execution (RCE) vulnerabilities accounted for 32.9% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 26.3%.
Microsoft Outlook Elevation of Privilege Vulnerability (Zero Day)
CVE-2023-23397 is an elevation of privilege vulnerability in Microsoft Outlook that was assigned a CVSSv3 score of 9.8 and was exploited in the wild. The vulnerability can be exploited by sending a malicious email to a vulnerable version of Outlook. When the email is processed by the server, a connection to an attacker-controlled device can be established to leak the Net-NTLMv2 hash of the email recipient. The attacker can use this hash to authenticate as the victim recipient in an NTLM relay attack.
Microsoft notes that this exploitation can occur before the email is viewed in the Preview Pane, meaning no interaction from the victim recipient is needed for a successful attack.
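Microsoft's published mitigations for this CVE include blocking outbound TCP 445 (SMB) at the network edge. The following is an added example, not part of the original post, showing a detection pass over egress firewall logs for workstations that reached an external host over SMB. The log format, the internal address ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: address space this organisation treats as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample firewall log (not real traffic), assumed format:
# timestamp src_ip dst_ip dst_port action
SAMPLE_LOG = """\
2023-03-15T09:01:12Z 10.20.1.15 10.20.0.5 445 ALLOW
2023-03-15T09:01:40Z 10.20.1.15 203.0.113.77 445 ALLOW
2023-03-15T09:02:03Z 10.20.1.22 198.51.100.9 443 ALLOW
2023-03-15T09:02:30Z 10.20.1.31 203.0.113.77 445 DENY
2023-03-15T09:03:05Z 10.20.1.15 203.0.113.77 445 ALLOW
malformed line
"""

def is_internal(addr):
    """True if addr falls inside one of the configured internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_external_smb(log_text, port=445):
    """Count SMB connections from internal sources to external hosts, per (src, dst)."""
    hits = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        _, src, dst, dport, action = fields
        try:
            if int(dport) != port or not is_internal(src) or is_internal(dst):
                continue
        except ValueError:
            continue  # unparsable port or address
        key = "allowed" if action.upper() == "ALLOW" else "denied"
        hits[(src, dst)][key] += 1
    return dict(hits)

if __name__ == "__main__":
    for (src, dst), c in sorted(find_external_smb(SAMPLE_LOG).items()):
        state = "REVIEW: connection succeeded" if c["allowed"] else "blocked at egress"
        print(f"{src} -> {dst}:445 allowed={c['allowed']} denied={c['denied']} ({state})")
```

Pairs with a non-zero allowed count are the ones to investigate first, since the outbound connection was not stopped at the perimeter.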
Windows SmartScreen Security Feature Bypass Vulnerability (Zero Day)
CVE-2023-24880 is a Windows SmartScreen Security Feature Bypass vulnerability in Windows operating systems that was assigned a CVSSv3 score of 5.4. The vulnerability has been publicly disclosed and was exploited in the wild. To be exploited, a malicious file needs to be opened by a user on an affected version of Windows. When the file is opened, the Mark of the Web (MoTW) functionality is bypassed, so security features that rely on MoTW tagging are not triggered, which could allow malicious payloads within the file to be executed on the target.
Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2023-23416 is an RCE vulnerability in Windows operating systems that was assigned a CVSSv3 score of 8.4. The vulnerability exists in Windows Cryptographic Services, a suite of cryptographic tools in Windows operating systems. Exploitation is performed by importing a malicious certificate onto a vulnerable target, requiring the attacker to authenticate to the target or entice an authenticated user into importing the malicious certificate. As per the Microsoft Exploitability Index, this was given a rating of Exploitation More Likely.
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
CVE-2023-23415 is an RCE vulnerability in Windows operating systems and was assigned a CVSSv3 score of 9.8. The vulnerability lies in the way the operating system handles ICMP packets when an application running on the vulnerable Windows host is bound to a raw socket. Exploitation is performed by sending a malicious fragmented IP packet to a vulnerable target, leading to arbitrary code execution. As per the Microsoft Exploitability Index, this was given a rating of Exploitation More Likely.
HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2023-23392 is an RCE vulnerability in Microsoft operating systems that was given a CVSSv3 score of 9.8 and, as per the Microsoft Exploitability Index, a rating of Exploitation More Likely. The vulnerability exists in the HTTP.sys component of Windows operating systems. Exploitation can be performed by a remote, unauthenticated attacker sending a malicious packet to the target server. For a server to be vulnerable, it must have HTTP/3 enabled and use buffered I/O. The Microsoft advisory notes that HTTP/3 support is a new feature for Windows Server 2022 and must be enabled with a registry key.
Trusted Platform Module (TPM) Module Library
CVE-2023-1017 and CVE-2023-1018, rated as Critical, are vulnerabilities affecting the TPM2.0 Module Library. An out-of-bounds write vulnerability allows 2 bytes of data to be written past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who successfully exploits this vulnerability can cause denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
Windows Point-to-Point Tunnelling Protocol Remote Code Execution
CVE-2023-23404, an RCE vulnerability affecting the Point-to-Point Tunnelling Protocol, is rated as Critical. An unauthenticated attacker could send a specially crafted connection request to a remote access server (RAS), which could lead to remote code execution (RCE) on the RAS machine. As per the Microsoft Exploitability Index, this was given a rating of Exploitation Less Likely, as it requires the attacker to win a race condition.
Windows Hyper-V Denial of Service
CVE-2023-23411, a denial-of-service vulnerability affecting Windows Hyper-V, is rated as Critical. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. As per the Microsoft Exploitability Index, this was given a rating of Exploitation Less Likely.
This month's Patch Tuesday summary
CVE ID | CVE Title | Severity |
CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical |
CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Critical |
CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical |
CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical |
CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | Important |
CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | Important |
CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Important |
CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability | Important |
CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | Important |
CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | Important |
CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Important |
CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Important |
CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important |
CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important |
CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Important |
CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Important |
CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Important |
CVE-2023-23391 | Office for Android Spoofing Vulnerability | Important |
CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Important |
CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | Important |
CVE-2023-23618 | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability | Important |
CVE-2023-22743 | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability | Important |
CVE-2023-23946 | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability | Important |
CVE-2023-22490 | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability | Important |
CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Important |
CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Important |
CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Important |
CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Important |
CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Important |
CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Important |
CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Important |
CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Important |
CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |
Chromium Edge Updates
CVE ID | CVE Title |
CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability |
CVE-2023-1236 | Chromium: CVE-2023-1236 Inappropriate implementation in Internals |
CVE-2023-1235 | Chromium: CVE-2023-1235 Type Confusion in DevTools |
CVE-2023-1213 | Chromium: CVE-2023-1213 Use after free in Swiftshader |
CVE-2023-1234 | Chromium: CVE-2023-1234 Inappropriate implementation in Intents |
CVE-2023-1223 | Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill |
CVE-2023-1222 | Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API |
CVE-2023-1221 | Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API |
CVE-2023-1229 | Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts |
CVE-2023-1228 | Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents |
CVE-2023-1224 | Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API |
CVE-2023-1220 | Chromium: CVE-2023-1220 Heap buffer overflow in UMA |
CVE-2023-1216 | Chromium: CVE-2023-1216 Use after free in DevTools |
CVE-2023-1215 | Chromium: CVE-2023-1215 Type Confusion in CSS |
CVE-2023-1214 | Chromium: CVE-2023-1214 Type Confusion in V8 |
CVE-2023-1219 | Chromium: CVE-2023-1219 Heap buffer overflow in Metrics |
CVE-2023-1218 | Chromium: CVE-2023-1218 Use after free in WebRTC |
CVE-2023-1217 | Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting |
CVE-2023-1230 | Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs |
CVE-2023-1232 | Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing |
CVE-2023-1233 | Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing |
CVE-2023-1231 | Chromium: CVE-2023-1231 Inappropriate implementation in Autofill |