In March 2023, Microsoft released its Patch Tuesday update, which addressed 80 vulnerabilities, including 9 critical ones. These vulnerabilities span a wide range of Microsoft products and services, from Microsoft Outlook to Windows Server.
One of the most pressing vulnerabilities in this release is in Microsoft Outlook, with CVE-2023-23397 already being exploited. External attackers could send specially crafted emails to leak Net-NTLMv2 hash information of the victim to the attacker. Microsoft recommends updating the system as soon as possible to prevent further exploitation of this vulnerability.
Another critical vulnerability fixed in this update is the Internet Control Message Protocol (ICMP) Remote Code Execution vulnerability, CVE-2023-23415. Although it has not yet been exploited, Microsoft warns that it is likely to be exploited in the future. The vulnerability can be exploited by sending a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine.
The third critical vulnerability, CVE-2023-23392, affects only Windows Server 2022 and is specific to the HTTP protocol stack. An unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. Although this vulnerability has not yet been exploited, Microsoft warns that it is likely to be exploited in the future.
Microsoft has provided alternative mitigation options for some of the critical vulnerabilities. For instance, users can add themselves to the Protected Users Security Group to prevent the use of NTLM as an authentication mechanism or block TCP 445/SMB outbound from their network. Additionally, disabling HTTP/3 can mitigate the vulnerability CVE-2023-23392. However, it is crucial to note that updating to the latest patch updates is still the most effective way to prevent exploitation.
Apart from the critical vulnerabilities, Microsoft also fixed other vulnerabilities such as elevation of privilege, information disclosure, remote code execution, and denial of service. System administrators should stay up-to-date on Patch Tuesday releases and ensure that their network is secured against potential exploits. Microsoft continues to prioritize patching vulnerabilities and releasing regular updates to enhance the security of their products.
In conclusion, the March 2023 Patch Tuesday update addressed several vulnerabilities in Microsoft products and services, including critical ones such as in Microsoft Outlook, ICMP Remote Code Execution, and HTTP Protocol Stack. Microsoft provides alternative mitigation options, but updating to the latest patch updates remains the most effective way to prevent exploitation. It is crucial for system administrators to prioritize the installation of these updates to ensure the security of their network.
Patch Tuesday March 2023 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability |
| CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability |
| CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability |
| CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
| CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability |
| CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability |
| CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability |
| CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability |
| CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability |
| CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
| CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-23946 | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability |
| CVE-2023-23618 | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability |
| CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability |
| CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability |
| CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
| CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability |
| CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability |
| CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability |
| CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability |
| CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
| CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability |
| CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability |
| CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability |
| CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability |
| CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability |
| CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability |
| CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability |
| CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability |
| CVE-2023-23391 | Office for Android Spoofing Vulnerability |
| CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability |
| CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability |
| CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability |
| CVE-2023-22743 | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability |
| CVE-2023-22490 | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability |
| CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability |
| CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability |
| CVE-2022-43552 | Open Source Curl Remote Code Execution Vulnerability |
| CVE-2022-23825 | AMD: CVE-2022-23825 AMD CPU Branch Type Confusion |
| CVE-2022-23816 | AMD: CVE-2022-23816 AMD CPU Branch Type Confusion |
| CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability |