Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

March, 2023: Patch Tuesday - Two Zero Days, Nine Critical Updates

Welcome to my March Patch Tuesday newsletter. This month Microsoft released updates for 109 vulnerabilties. You will be happy to know that only 9 of those are rated critical. Of these 9, I have to bring attention to the 2 zero-days for this month. CVE-2023-24880 is not only public but is currently being exploited. This vulnerabilitiy exploits Mark of the Web (MOTW) and Windows SmartScreen. If an attacker successfully takes advantage of this exploit then Windows SmartScreen protection could be bypassed resulting in malicious files being opened in Office products, for example. The other zero-day, CVE-2023-23397, is also related to an Office exploit that could allow a specially crafted email to run an elevation of privilege exploit BEFORE the email is viewed in the Preview Pane. So I recommend that you get this patches ASAP.

Besides the 2 zero-days mentioned above, it's a fairly light month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 8.1, RT 8.1, 10, 11 Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations	Critical	CVE-2023-1017 CVE-2023-1018 CVE-2023-21708 CVE-2023-23385 CVE-2023-23388 CVE-2023-23392 CVE-2023-23393 CVE-2023-23394 CVE-2023-23400 CVE-2023-23401 CVE-2023-23402 CVE-2023-23403 CVE-2023-23404 CVE-2023-23405 CVE-2023-23406 CVE-2023-23407 CVE-2023-23409 CVE-2023-23410 CVE-2023-23411 CVE-2023-23412 CVE-2023-23413 CVE-2023-23414 CVE-2023-23415 CVE-2023-23416 CVE-2023-23417 CVE-2023-23418 CVE-2023-23419 CVE-2023-23420 CVE-2023-23421 CVE-2023-23422 CVE-2023-23423 CVE-2023-24856 CVE-2023-24857 CVE-2023-24858 CVE-2023-24859 CVE-2023-24861 CVE-2023-24862 CVE-2023-24863 CVE-2023-24864 CVE-2023-24865 CVE-2023-24866 CVE-2023-24867 CVE-2023-24868 CVE-2023-24869 CVE-2023-24870 CVE-2023-24871 CVE-2023-24872 CVE-2023-24876 CVE-2023-24880** CVE-2023-24906 CVE-2023-24907 CVE-2023-24908 CVE-2023-24909 CVE-2023-24910 CVE-2023-24911 CVE-2023-24913	Workaround: No Exploited: Yes* Public: Yes**	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass
Edge	Chromium-based	Important	CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1228 CVE-2023-1229 CVE-2023-1230 CVE-2023-1231 CVE-2023-1232 CVE-2023-1233 CVE-2023-1234 CVE-2023-1235 CVE-2023-1236 CVE-2023-24892	Workaround: No Exploited: No Public: No	Spoofing
Office	365 Apps for Enterprise Office 2013 RT SP1, 2013 SP1, 2016, 2019, LTSC 2021 2019 for Mac, LTSC Mac 2021 Office for Android and Universal Online Server Web Apps Server 2013 SP1 OneDrive for Android, iOS and MacOS Installer Excel/Outlook 2013 RT SP1, 2013 SP1, 2016	Critical	CVE-2023-23391 CVE-2023-23396 CVE-2023-23397* CVE-2023-23398 CVE-2023-23399 CVE-2023-24882 CVE-2023-24890 CVE-2023-24910 CVE-2023-24923 CVE-2023-24930	Workaround: No Exploited: Yes* Public: No	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
SharePoint	Enterprise Server 2013 SP1, 2016 Foundation 2013 SP1 Server 2019 Server Subscription Edition	Important	CVE-2023-23395	Workaround: No Exploited: No Public: No	Spoofing
Azure	Service Fabric 9.1 for Ubuntu and Windows HDInsights	Important	CVE-2023-23383 CVE-2023-23408	Workaround: No Exploited: No Public: No	Spoofing
Visual Studio	2017 15.9 and earlier 2019 16.11 and earlier 2022 17.5, 17.4, 17.2, 17.0	Important	CVE-2023-22490 CVE-2023-22743 CVE-2023-23618 CVE-2023-23946	Workaround: No Exploited: No Public: No	Elevation of Privilege Information Disclosure Remote Code Execution
System Center	Malware Protection Engine	Important	CVE-2023-23389	Workaround: No Exploited: No Public: No	Elevation of Privilege
Dynamics 365	On-Prem 9.0, 9.1	Important	CVE-2023-24879 CVE-2023-24891 CVE-2023-24919 CVE-2023-24920 CVE-2023-24921 CVE-2023-24922	Workaround: No Exploited: No Public: No	Spoofing Information Disclosure

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

March 2023 Patch Tuesday	"Patch Tuesday - Two Zero Days, Nine Critical Updates " - sponsored by LOGbinder

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2023 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.