What just happened? Since 2003, Microsoft has used “Patch Tuesday” as the informal name for the company’s monthly release of security bug fixes for Windows and other software products. In March 2023, Redmond fixed two previously unknown nasty flaws that state-sponsored cybercriminals and ransomware operations had already exploited in the wild.
This week, Microsoft released its latest set of security fixes. Compared to February 2023, the latest batch of patches deals with an increased number of vulnerabilities, including a few that have already been exploited.
Microsoft’s March security bulletin says this release includes fixes to many Windows components and security features, Hyper-V virtualization technology, Visual Studio, Office programs, and more. The update should fix 83 security flaws in Windows and other Microsoft software products.
Nine of the 83 vulnerabilities are classified as “critical,” meaning hackers can use them to launch various attacks. Grouped by bug type and impact on Windows and other affected software, the vulnerabilities fall into the following categories: 21 Elevation of Privilege vulnerabilities, 2 Security Feature Bypass vulnerabilities, 27 Remote Code Execution vulnerabilities, 15 Information Disclosure vulnerabilities, 4 Denial of Service vulnerabilities, 10 Spoofing vulnerabilities, 1 Edge (Chromium) vulnerability.
This list does not include 21 vulnerabilities that Microsoft already fixed in the Edge browser prior to the Patch Tuesday update. BleepingComputer published a full report listing all closed bugs and related advisories. The March patches include fixes for two zero-day bugs that Microsoft confirmed hackers had actively exploited.
The first zero-day bug is the “Microsoft Outlook Elevation of Privilege Vulnerability” (CVE-2023-23397). If successfully exploited, the flaw allows access to the user’s Net-NTLMv2 hash, which hackers can use “as the basis for an NTLM Relay attack against another service to authenticate as a user.” There is no need to read or preview an email message, as the server will automatically trigger the flaw when processing the message. The well-known Russian state-sponsored cyber gang “Strontium” exploited CVE-2023-23397 before the patch was released, Microsoft said.
The second zero-day vulnerability is a Windows SmartScreen security feature bypass (CVE-2023-24880). Microsoft states that an attacker could exploit this bug by creating a malicious file that would evade Mark of the Web (MOTW) defenses in Microsoft Office’s Protected View feature. Google researchers discovered CVE-2023-24880, saying hackers exploited it to deliver Magniber ransomware and noting that it is related to a previous zero-day flaw (CVE-2022-44698) that Microsoft fixed in December.
Microsoft distributes its latest updates through the official Windows Update service, update management systems like WSUS, and as direct (albeit massive) downloads through the Microsoft Update Catalog. Other software companies releasing security updates concurrent with Microsoft Patch Tuesday include Apple, Cisco, Google, Fortinet, SAP, and backup giant Veeam.