Microsoft addressed 74 CVEs through the 2023 March Patch Tuesday


Key notes

  • In case you didn't know, Microsoft has released the March 2023 batch of security updates.
  • This month, the tech giant addressed a total of 74 vulnerabilities, one less than last month.
  • Of these, six are rated Critical, 67 are rated Important, and only one is rated Moderate.

Spring is officially here, but not everything comes down to flowers and baby rabbits. There are those who eagerly await Microsoft’s Patch Tuesday rollout.

And, as you know, it’s the second Tuesday of the month, which means that Windows users are looking towards the tech giant in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We have already taken the liberty of providing the direct download links for the cumulative updates released today for Windows 7, 8.1, 10, and 11, but now it’s time to talk CVEs again.

For March, Microsoft released 74 new patches, one less than last month, which is still more than some people were expecting for the third month of 2023.

These software updates address CVEs in:

  • Windows and Windows components
  • Office and Office Components
  • Exchange Server
  • .NET Core and Visual Studio Code
  • 3D Builder and Print 3D
  • Microsoft Azure and Dynamics 365
  • Defender for IoT and the Malware Protection Engine
  • Microsoft Edge (Chromium-based)

You probably want to know more on the matter, so let’s dive right into it and see what all the fuss is about this month.

74 new patches released to fix serious security issues

Let’s just say that February was far from being a busy month for Microsoft, and still, they managed to release a total of 75 updates.

However, it seems that the situation isn’t getting any better, since the tech giant released only one less update this month, for a total of 74.

Please keep in mind that, out of all the patches released today, six are rated Critical, 67 are rated Important, and only one is rated Moderate in severity.

Furthermore, remember that this is one of the largest volumes we’ve seen from Microsoft for a March release in quite some time.

We have to say that it is a bit unusual to see half of the Patch Tuesday release address remote code execution (RCE) bugs.

It’s important to be aware that two of the new CVEs are listed as under active attack at the time of release with one of those also being listed as publicly known.

That being said, let’s take a closer look at some of the more interesting updates for this month, starting with the bugs under active attack.

| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Important | 9.1 | No | Yes | Spoofing |
| CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate | 5.4 | Yes | Yes | SFB |
| CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE |
| CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
| CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical | 6.5 | No | No | DoS |
| CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
| CVE-2023-1017 * | CERT/CC: TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | EoP |
| CVE-2023-1018 * | CERT/CC: TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical | 8.8 | No | No | EoP |
| CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-22490 * | GitHub: CVE-2023-22490 Local clone-based data exfiltration with non-local transports | Important | 5.5 | No | No | Info |
| CVE-2023-22743 * | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability | Important | 7.2 | No | No | EoP |
| CVE-2023-23618 * | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability | Important | 8.6 | No | No | RCE |
| CVE-2023-23946 * | GitHub: CVE-2023-23946 Git path traversal vulnerability | Important | 6.2 | No | No | EoP |
| CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | Important | 6.3 | No | No | EoP |
| CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing |
| CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
| CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
| CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
| CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | XSS |
| CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 4.1 | No | No | XSS |
| CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | Important | 5.5 | No | No | DoS |
| CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-23398 | Microsoft Excel Security Feature Bypass Vulnerability | Important | 7.1 | No | No | SFB |
| CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
| CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Important | 4.3 | No | No | SFB |
| CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP |
| CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
| CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-23391 | Office for Android Spoofing Vulnerability | Important | 5.5 | No | No | Spoofing |
| CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE |
| CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE |
| CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE |
| CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | Important | 8.2 | No | No | Spoofing |
| CVE-2023-23395 | SharePoint Open Redirect Vulnerability | Important | 3.1 | No | No | Spoofing |
| CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP |
| CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
| CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | RCE |
| CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
| CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
| CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP |
| CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE |
| CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE |
| CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
| CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Important | 5.5 | No | No | DoS |
| CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | Important | 4.5 | No | No | Spoofing |

Let’s look at CVE-2023-23397 for one second. Even though technically a spoofing bug, experts consider the result of this vulnerability to be an authentication bypass.

Thus, it allows a remote, unauthenticated attacker to access a user’s Net-NTLMv2 hash just by sending a specially crafted e-mail to an affected system.

CVE-2023-23392 could actually allow a remote, unauthenticated attacker to execute code at system level without user interaction.

That combination makes this bug wormable, at least among systems that meet the target requirements: the target system needs to have HTTP/3 enabled and be set to use buffered I/O.

There’s a CVSS 9.8 bug in RPC Runtime that also has some wormable potential. That being said, unlike ICMP, it is a good idea to block RPC traffic (specifically TCP port 135) at the perimeter.
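
The ordering the article follows (bugs under active attack first, then the CVSS 9.8 remote code execution bugs) can be written out as a small triage script. This is an added example, not code from the article or from Microsoft: the tier boundaries and the names `parse`, `tier` and `triage` are assumptions, and the sample rows are copied from the article's table.

```python
from dataclasses import dataclass

# Rows from the article's table, title column dropped: CVE|severity|CVSS|public|exploited|type
ROWS = """\
CVE-2023-23397|Important|9.1|No|Yes|Spoofing
CVE-2023-24880|Moderate|5.4|Yes|Yes|SFB
CVE-2023-23392|Critical|9.8|No|No|RCE
CVE-2023-21708|Critical|9.8|No|No|RCE
CVE-2023-23411|Critical|6.5|No|No|DoS
CVE-2023-23395|Important|3.1|No|No|Spoofing
"""

@dataclass(frozen=True)
class Entry:
    cve: str
    severity: str
    cvss: float
    public: bool
    exploited: bool
    kind: str

def parse(text):
    """Parse pipe-delimited rows; reject malformed rows rather than guess."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 6 or not {parts[3], parts[4]} <= {"Yes", "No"}:
            raise ValueError(f"line {n}: malformed row {line!r}")
        cve, sev, cvss, pub, exp, kind = parts
        entries.append(Entry(cve, sev, float(cvss), pub == "Yes", exp == "Yes", kind))
    return entries

def tier(e):  # 0 = patch first; the tier boundaries are this example's assumption
    if e.exploited:
        return 0  # under active attack at release
    if e.public:
        return 1  # publicly known, not reported exploited
    if e.kind == "RCE" and e.cvss >= 9.0:
        return 2  # the CVSS 9.8 remote code execution bugs
    if e.severity == "Critical" or e.cvss >= 7.0:
        return 3
    return 4

def triage(entries):
    # Order by tier, then highest CVSS, then CVE id so the result is stable.
    return sorted(entries, key=lambda e: (tier(e), -e.cvss, e.cve))

if __name__ == "__main__":
    for e in triage(parse(ROWS)):
        print(tier(e), e.cve, e.severity, e.cvss, e.kind)
```

Sorting on the severity label alone would place CVE-2023-23397 (Important) and CVE-2023-24880 (Moderate), the two bugs under active attack, behind every Critical entry.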

Also, there’s a fair amount of Elevation of Privilege (EoP) bugs receiving patches this month, and the majority of these require the attacker to execute their code on a target to escalate privileges.

Moving on to the information disclosure vulnerabilities receiving patches this month, the vast majority simply result in info leaks consisting of unspecified memory contents.

However, there are a couple of exceptions. The bug in Microsoft Dynamics 365 could leak a verbose error message that attackers could use to create malicious payloads.

And, the two bugs in OneDrive for Android could leak certain Android/local URIs that OneDrive can access.

Once again, you will most likely need to get this patch from the Google Play store if you haven’t configured automatic app updates.

We have to point out that there are three additional DoS fixes released this month. There’s no additional info about the patches for Windows Secure Channel or the Internet Key Exchange (IKE) Extension.

On that note, we can expect a successful exploit of these bugs to interfere with authentication processes, so make sure you keep that in mind at all times.

Feel free to check each individual CVE and find out more about what it means, how it manifests, and what scenarios malicious third parties can use to exploit it.

Have you found any other issues after installing this month’s security updates? Share your experience with us in the comments section below.
