
Microsoft’s March 2023 Patch Tuesday Update has deployed fixes for a set of 80 security flaws, two of which have been exploited in the wild.
Of the 80 bugs, 8 are rated Critical, 71 are rated Important, and 1 is rated Moderate in severity. The update comes on top of the 29 flaws the tech giant has fixed in its Chromium-based Edge browser in recent weeks.
The two vulnerabilities under active attack are a Microsoft Outlook privilege elevation flaw (CVE-2023-23397, CVSS score: 9.8) and a Windows SmartScreen security feature bypass (CVE-2023-24880, CVSS score: 5.1).
CVE-2023-23397 “triggers when an attacker sends a message with extended MAPI properties with a UNC path to an SMB (TCP 445) share on an attacker-controlled server,” Microsoft said in a standalone advisory.
An attacker who sends a specially crafted email could exploit this vulnerability, because the message triggers automatically once it is retrieved and processed by the Outlook client for Windows. As a result, it can be exploited without any user interaction and before the message is displayed in the preview pane.
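A defender reading the advisory's description of the trigger (an extended MAPI property carrying a UNC path to an SMB share) would want to hunt for that pattern in mailbox data. The following is an added example written for this page, not Microsoft's own detection script. It assumes messages have already been parsed into a dictionary of property name to value, that the path rides in a string-valued property such as PidLidReminderFileParameter (scanning every string property also catches variants), and it uses a constructed allow-list of private address space plus a hypothetical internal DNS suffix `.corp.example`.

```python
import re
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Pattern from the advisory: a UNC path (\\host\share\...) inside an extended
# MAPI property, which makes Outlook connect to TCP 445 on that host.
UNC_RE = re.compile(r"\\\\([^\\/\s]+)(?:[\\/][^\s]*)?")

# Constructed allow-list: private address space plus an assumed internal suffix.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TRUSTED_SUFFIXES = (".corp.example",)  # hypothetical internal domain, not from the article


def extract_unc_hosts(value: str) -> List[str]:
    """Return every host named by a UNC path in the given property value."""
    return [m.group(1) for m in UNC_RE.finditer(value)]


def is_internal_host(host: str) -> bool:
    """True only for private IPs or names under a trusted internal suffix.
    Public IPs, unknown domains and bare names are all treated as external."""
    h = host.rstrip(".").lower()
    try:
        return any(ip_address(h) in net for net in INTERNAL_NETS)
    except ValueError:  # not an IP literal, so compare as a DNS name
        return h.endswith(TRUSTED_SUFFIXES)


def scan_message(props: Dict[str, object]) -> List[dict]:
    """Flag string-valued properties carrying UNC paths, marking external hosts.
    All string properties are scanned, not only PidLidReminderFileParameter,
    so that variants parked in other extended properties are also caught."""
    findings = []
    for name, value in props.items():
        if isinstance(value, str):
            for host in extract_unc_hosts(value):
                findings.append({"property": name, "host": host,
                                 "external": not is_internal_host(host)})
    return findings


def triage(messages: List[dict]) -> List[str]:
    """IDs of messages that would make Outlook reach out to an external SMB host."""
    return [m["id"] for m in messages
            if any(f["external"] for f in scan_message(m["props"]))]


# Constructed sample messages: the property names follow MS-OXPROPS naming,
# the values (hosts, paths, the custom property) are made up for this example.
SAMPLE_MESSAGES = [
    {"id": "msg-1", "props": {"PidLidReminderFileParameter": r"\\203.0.113.5\share\alert.wav"}},
    {"id": "msg-2", "props": {"PidLidReminderFileParameter": r"\\fs01.corp.example\sounds\chime.wav"}},
    {"id": "msg-3", "props": {"PidLidReminderFileParameter": r"C:\Windows\Media\chimes.wav"}},
    {"id": "msg-4", "props": {"PidLidReminderFileParameter": r"\\10.0.0.7\media\ding.wav"}},
    {"id": "msg-5", "props": {"PidTagSubject": "Invoice", "ConstructedCustomProp": r"\\203.0.113.77\c$"}},
]

if __name__ == "__main__":
    for mid in triage(SAMPLE_MESSAGES):
        msg = next(m for m in SAMPLE_MESSAGES if m["id"] == mid)
        print(mid, scan_message(msg["props"]))
```

On the constructed sample, msg-1 and msg-5 are reported while the local file path and the two internal shares are not. Since the advisory says the trigger is an SMB connection to TCP 445, filtering outbound 445 at the network edge is the natural compensating control alongside this hunt, and any hit on an external host is worth correlating with outbound 445 attempts from the affected client.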
Microsoft credited the Ukraine Computer Emergency Response Team (CERT-UA) with reporting the flaw and added that it is aware of “limited targeted attacks” launched by a Russia-based threat actor.
CVE-2023-24880, on the other hand, is a security bypass flaw that can be exploited to circumvent Mark-of-the-Web (MotW) protections when opening untrusted files downloaded from the Internet.
It is also the result of a narrow patch released by Microsoft to resolve another SmartScreen bypass bug (CVE-2022-44698, CVSS score: 5.4).
Google Threat Analysis Group (TAG) researcher Benoit Sevens said in a report:
“Because the root cause behind the SmartScreen security bypass was not resolved, the attackers were able to quickly identify another variant of the original bug.”
TAG said it has seen over 100,000 downloads of malicious MSI files signed with fraudulent Authenticode signatures since January 2023. The majority of these downloads are associated with European users.
Coinciding with this disclosure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the two flaws to its Known Exploited Vulnerabilities (KEV) catalog. CISA also announced a new pilot program aimed at alerting critical infrastructure entities to vulnerabilities “commonly associated with known ransomware exploits.”
Additionally, Microsoft has closed critical remote code execution flaws in the HTTP protocol stack (CVE-2023-23392, CVSS score: 9.8), the Internet Control Message Protocol (CVE-2023-23415, CVSS score: 9.8), and the Remote Procedure Call Runtime (CVE-2023-21708, CVSS score: 9.8).
Other notable mentions include patches for four privilege escalation bugs in the Windows kernel, ten remote code execution flaws affecting Microsoft PostScript and PCL6 class printer drivers, and a WebView2 spoofing vulnerability in the Edge browser.
Elsewhere, Microsoft has resolved two information disclosure flaws in Microsoft OneDrive for Android, one spoofing vulnerability in Office for Android, one security bypass bug in Microsoft OneDrive for iOS, and one privilege elevation issue in OneDrive for macOS.
Rounding out the list are patches for two high-severity vulnerabilities in the Trusted Platform Module (TPM) 2.0 Reference Library specification (CVE-2023-1017 and CVE-2023-1018, CVSS score: 8.8), which could lead to information disclosure and privilege escalation.
Software patches from other vendors
Besides Microsoft, other vendors have released security updates since the beginning of the month to fix several vulnerabilities.