VTA-00441 – Microsoft March Patch: 80 Security Vulnerabilities Fixed, Including Two Actively Exploited Vulnerabilities
A total of 80 security flaws, including two actively exploited vulnerabilities, are set to be fixed in Microsoft’s Patch Tuesday update for March 2023. Out of these, eight are categorized as Critical, 71 as Important, and one as Moderate in severity. Additionally, Microsoft has recently addressed 29 vulnerabilities in its Chromium-based Edge browser. Among the actively exploited flaws are a privilege escalation bug in Microsoft Outlook (CVE-2023-23397) and a security feature bypass in Windows SmartScreen (CVE-2023-24880).
The CVE-2023-23397 vulnerability is triggered when an attacker sends an email containing a specially crafted extended MAPI property with a UNC path to an SMB (TCP 445) share on a server under their control. The vulnerability could be exploited without user input, even before the message is viewed in the Preview Pane, potentially allowing the attacker to take control of the system.
CVE-2023-24880, on the other hand, is a security bypass flaw that allows attackers to bypass Mark-of-the-Web (MotW) protections while viewing untrusted files obtained from the internet. This flaw was discovered last year and was used by threat actors with financial motives to spread the Magniber ransomware. Microsoft issued a limited patch for a SmartScreen bypass flaw (CVE-2022-44698, CVSS score: 5.4), which led to the discovery of this vulnerability.
Apart from these, Microsoft also fixed several other critical vulnerabilities, such as remote code execution flaws affecting the HTTP Protocol Stack (CVE-2023-23392), Internet Control Message Protocol (CVE-2023-23415), and Remote Procedure Call Runtime (CVE-2023-21708). Patches for 10 remote code execution bugs impacting the Microsoft PostScript and PCL6 Class Printer Driver, four privilege escalation bugs discovered in the Windows Kernel, and a WebView2 spoofing vulnerability in the Edge browser have also been released.
Endpoint, Endpoint OS, Office 365, Server OS, Web Application, Web Browser
Defense Evasion, Execution, Initial Access, Privilege Escalation
Exploitation for Credential Access, Exploitation for Defense Evasion, Indirect Command Execution, Command and Scripting Interpreter, User Execution, Exploit Public-Facing Application
SuperPRO’s Threat Countermeasures Procedures:
1. Ensure the latest Microsoft Security Update is installed.
2. Regularly check and update applications to ensure they are up to date.
3. As a security precaution, always have an antivirus installed and keep it up to date with the latest signatures.
Contributed by: Varrumen