Microsoft fixed 83 vulnerabilities during the March Patch Day

On Tuesday, Microsoft released its cumulative security update for March 2023, known as Patch Tuesday because the company releases it on a Tuesday in the middle of every month.

In this month's patch, the US tech giant fixed a total of 83 vulnerabilities, including 9 critical vulnerabilities and 2 vulnerabilities that were being actively exploited.

Microsoft said it fixed 21 elevation of privilege vulnerabilities, 2 security feature bypass vulnerabilities, 27 remote code execution vulnerabilities, 4 denial of service vulnerabilities, 10 spoofing vulnerabilities, and one Microsoft Edge browser vulnerability.

Perhaps the most important fixes relate to two previously undisclosed vulnerabilities that were discovered and exploited before victims had any way to defend against them.

The two vulnerabilities are CVE-2023-23397 in Outlook, which allows elevation of privilege, and CVE-2023-24880 in the Windows SmartScreen service, which allows a security feature bypass.

Using an Outlook file, the attacker sends an email that forces the target computer to connect to a remote URL and transmit the Net-NTLMv2 hash of the Windows account.

Microsoft has stated that an external attacker can send a specially crafted email that causes a connection from the victim to an external UNC location controlled by the attacker.

The company added that this passes the victim's Net-NTLMv2 hash to the attacker, who can then forward it to another service and authenticate as the victim. It also said that a threat actor named Strontium is abusing the vulnerability.
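A defender-side check for the behaviour described above, as an added example that is not from Microsoft or the original article: given path-valued fields already extracted from mailbox items, it flags any that are UNC paths pointing at a host outside the organisation. The trusted suffix, the internal address ranges, the function names and the sample values are all assumptions made for illustration.

```python
import ipaddress
import re

# Assumptions for this example: internal DNS suffixes and internal address ranges.
TRUSTED_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Matches \\host\share, \\?\UNC\host\share and the WebDAV form \\host@SSL@443\share.
UNC_RE = re.compile(r"^\\\\(?:[?.]\\UNC\\)?([A-Za-z0-9][^\\/@?]*)(?:@[^\\/]*)?[\\/]", re.I)

def unc_host(path):
    """Return the lower-cased host of a UNC path, or None if the value is not UNC."""
    m = UNC_RE.match(path.strip().replace("/", "\\"))
    return m.group(1).lower().rstrip(".") if m else None

def is_external(host):
    """True when the host is outside the assumed internal names and ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: single-label names resolve locally, FQDNs need a trusted suffix.
        return "." in host and not host.endswith(TRUSTED_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)

def flag_external_unc(values):
    """Return (value, host) for each value that is a UNC path to an external host."""
    hits = []
    for value in values:
        host = unc_host(value)
        if host and is_external(host):
            hits.append((value, host))
    return hits

# Constructed sample values, standing in for path fields extracted from mailbox items.
SAMPLE = [
    r"\\fileserver01\sounds\reminder.wav",       # single-label internal name
    r"\\nas.corp.example\media\chime.wav",       # trusted DNS suffix
    r"\\10.20.30.40\share\a.wav",                # RFC 1918 address
    r"\\203.0.113.7\share\a.wav",                # external IP (documentation range)
    r"\\files.unknown.example@SSL@443\x\b.wav",  # external host, WebDAV form
    r"C:\Windows\Media\Alarm01.wav",             # local path, not UNC
]

if __name__ == "__main__":
    for value, host in flag_external_unc(SAMPLE):
        print(f"external UNC target {host}: {value}")
```

The same classification can back a network-side control: hosts that this check would flag are the ones outbound SMB should never reach from a workstation.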

The other vulnerability, in Windows SmartScreen, allows attackers to bypass Windows Mark of the Web (MOTW) warnings. Once you download a file from the Internet, it is flagged as potentially harmful.

An attacker could create a malicious file that bypasses the Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features that rely on MOTW tagging, such as Protected View in Microsoft Office.
