Welcome to my March Patch Tuesday newsletter. This month Microsoft released updates for 109 vulnerabilities. You will be happy to know that only 9 of those are rated critical. Of these 9, I have to bring attention to the 2 zero-days for this month. CVE-2023-24880 is not only public but is currently being exploited. This vulnerability affects Mark of the Web (MOTW) and Windows SmartScreen. If an attacker successfully exploits it, Windows SmartScreen protection could be bypassed, resulting in malicious files being opened in Office products, for example. The other zero-day, CVE-2023-23397, is also Office-related and could allow a specially crafted email to trigger an elevation of privilege BEFORE the email is viewed in the Preview Pane. So I recommend that you get these patches ASAP. Besides the 2 zero-days mentioned above, it's a fairly light month.
Technology: Windows
Products Affected: Windows 8.1, RT 8.1, 10, 11; Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations
Severity: Critical
Reference: CVE-2023-1017 CVE-2023-1018 CVE-2023-21708 CVE-2023-23385 CVE-2023-23388 CVE-2023-23392 CVE-2023-23393 CVE-2023-23394 CVE-2023-23400 CVE-2023-23401 CVE-2023-23402 CVE-2023-23403 CVE-2023-23404 CVE-2023-23405 CVE-2023-23406 CVE-2023-23407 CVE-2023-23409 CVE-2023-23410 CVE-2023-23411 CVE-2023-23412 CVE-2023-23413 CVE-2023-23414 CVE-2023-23415 CVE-2023-23416 CVE-2023-23417 CVE-2023-23418 CVE-2023-23419 CVE-2023-23420 CVE-2023-23421 CVE-2023-23422 CVE-2023-23423 CVE-2023-24856 CVE-2023-24857 CVE-2023-24858 CVE-2023-24859 CVE-2023-24861 CVE-2023-24862 CVE-2023-24863 CVE-2023-24864 CVE-2023-24865 CVE-2023-24866 CVE-2023-24867 CVE-2023-24868 CVE-2023-24869 CVE-2023-24870 CVE-2023-24871 CVE-2023-24872 CVE-2023-24876 CVE-2023-24880** CVE-2023-24906 CVE-2023-24907 CVE-2023-24908 CVE-2023-24909 CVE-2023-24910 CVE-2023-24911 CVE-2023-24913
Workaround / Exploited / Publicly Disclosed: Workaround: No; Exploited: Yes*; Public: Yes**
Vulnerability Info: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass

Technology: Edge
Products Affected: Chromium-based
Severity: Important
Reference: CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1228 CVE-2023-1229 CVE-2023-1230 CVE-2023-1231 CVE-2023-1232 CVE-2023-1233 CVE-2023-1234 CVE-2023-1235 CVE-2023-1236 CVE-2023-24892
Workaround / Exploited / Publicly Disclosed: Workaround: No; Exploited: No; Public: No
Vulnerability Info: Spoofing

Technology: Office
Products Affected: 365 Apps for Enterprise; Office 2013 RT SP1, 2013 SP1, 2016, 2019, LTSC 2021; 2019 for Mac, LTSC Mac 2021; Office for Android and Universal; Online Server; Web Apps Server 2013 SP1; OneDrive for Android, iOS and MacOS Installer; Excel/Outlook 2013 RT SP1, 2013 SP1, 2016
Reference: CVE-2023-23391 CVE-2023-23396 CVE-2023-23397* CVE-2023-23398 CVE-2023-23399 CVE-2023-24882 CVE-2023-24890 CVE-2023-24910 CVE-2023-24923 CVE-2023-24930
Workaround / Exploited / Publicly Disclosed: Workaround: No; Exploited: Yes*; Public: No
Vulnerability Info: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing

Technology: SharePoint
Products Affected: Enterprise Server 2013 SP1, 2016; Foundation 2013 SP1; Server 2019; Server Subscription Edition
Reference: CVE-2023-23395

Technology: Azure
Products Affected: Service Fabric 9.1 for Ubuntu and Windows; HDInsights
Reference: CVE-2023-23383 CVE-2023-23408

Technology: Visual Studio
Products Affected: 2017 15.9 and earlier; 2019 16.11 and earlier; 2022 17.5, 17.4, 17.2, 17.0
Reference: CVE-2023-22490 CVE-2023-22743 CVE-2023-23618 CVE-2023-23946
Vulnerability Info: Elevation of Privilege, Information Disclosure, Remote Code Execution

Technology: System Center
Products Affected: Malware Protection Engine
Reference: CVE-2023-23389

Technology: Dynamics 365
Products Affected: On-Prem 9.0, 9.1
Reference: CVE-2023-24879 CVE-2023-24891 CVE-2023-24919 CVE-2023-24920 CVE-2023-24921 CVE-2023-24922
Vulnerability Info: Spoofing, Information Disclosure