Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

Mar 15, 2023 | Ravie Lakshmanan | Patch Tuesday / Software Update

Microsoft’s Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild.

Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks.

The two vulnerabilities that have come under active attack include a Microsoft Outlook privilege escalation flaw (CVE-2023-23397, CVSS score: 9.8) and a Windows SmartScreen security feature bypass (CVE-2023-24880, CVSS score: 5.1).

CVE-2023-23397 is “triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server,” Microsoft said in a standalone advisory.

A threat actor could leverage this flaw by sending a specially crafted email, activating it automatically when it is retrieved and processed by the Outlook client for Windows. As a result, this could lead to exploitation without requiring any user interaction and even before the message is viewed in the Preview Pane.
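A defender-side triage of the property described above, as an added example (not code from Microsoft's advisory or from this article): given property values already exported from mailboxes, it flags UNC paths whose server lies outside the organisation. The record layout, `INTERNAL_SUFFIXES`, `INTERNAL_NETS` and the sample values are constructed assumptions.

```python
import ipaddress
import re

# Assumption: message properties were exported by another tool into dicts with
# "message_id" and "value"; suffixes and networks below are placeholders.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# \\server\share\... or //server/share/...
UNC_RE = re.compile(r"^(?:\\\\|//)([^\\/]+)[\\/]")

def unc_host(value):
    """Return the server part of a UNC path, or None if value is not UNC."""
    m = UNC_RE.match(value.strip())
    if not m:
        return None
    # Windows accepts an @port / @SSL suffix in the server part; drop it.
    return m.group(1).split("@", 1)[0].lower()

def is_external(host):
    """True when the host is not clearly inside the organisation."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if "." not in host:        # single-label name resolves internally
            return False
        return not host.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)

def triage(records):
    """Return (message_id, host) for values that point at external shares."""
    hits = []
    for rec in records:
        host = unc_host(rec["value"])
        if host and is_external(host):
            hits.append((rec["message_id"], host))
    return hits

# Constructed sample data, not taken from any real mailbox.
SAMPLE = [
    {"message_id": "m1", "value": r"\\fileserver\sounds\chime.wav"},
    {"message_id": "m2", "value": r"\\203.0.113.7\share\a.wav"},
    {"message_id": "m3", "value": r"C:\Windows\Media\notify.wav"},
    {"message_id": "m4", "value": r"\\files.corp.example\media\r.wav"},
    {"message_id": "m5", "value": r"\\host.example.net@SSL@443\x\r.wav"},
    {"message_id": "m6", "value": r"\\10.1.2.3\share\a.wav"},
]

if __name__ == "__main__":
    for message_id, host in triage(SAMPLE):
        print(f"{message_id}: UNC path to external host {host}")
```

Messages flagged this way are candidates for review and cleanup; the same host list can be checked against egress logs for outbound TCP 445.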

Microsoft credited the Computer Emergency Response Team of Ukraine (CERT-UA) with reporting the flaw, adding it is aware of “limited targeted attacks” mounted by a Russia-based threat actor against government, transportation, energy, and military sectors in Europe.

CVE-2023-24880, on the other hand, concerns a security bypass flaw that could be exploited to evade Mark-of-the-Web (MotW) protections when opening untrusted files downloaded from the internet.

It is also the consequence of a narrow patch released by Microsoft to resolve another SmartScreen bypass bug (CVE-2022-44698, CVSS score: 5.4) that came to light last year and which was exploited by financially motivated actors to deliver Magniber ransomware.

“Vendors often release narrow patches, creating an opportunity for attackers to iterate and discover new variants,” Google Threat Analysis Group (TAG) researcher Benoit Sevens said in a report.

“Because the root cause behind the SmartScreen security bypass was not addressed, the attackers were able to quickly identify a different variant of the original bug.”

TAG said it observed over 100,000 downloads of malicious MSI files signed with a malformed Authenticode signature since January 2023, thereby permitting the adversary to distribute Magniber ransomware without raising any security warnings. A majority of those downloads have been associated with users in Europe.

The disclosure also comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the two flaws to the Known Exploited Vulnerabilities (KEV) catalog and announced a new pilot program that aims to warn critical infrastructure entities about “vulnerabilities commonly associated with known ransomware exploitation.”

Also closed out by Microsoft are a number of critical remote code execution flaws impacting HTTP Protocol Stack (CVE-2023-23392, CVSS score: 9.8), Internet Control Message Protocol (CVE-2023-23415, CVSS score: 9.8), and Remote Procedure Call Runtime (CVE-2023-21708, CVSS score: 9.8).

Other notable mentions include patches for four privilege escalation bugs identified in the Windows Kernel, 10 remote code execution flaws affecting Microsoft PostScript and PCL6 Class Printer Driver, and a WebView2 spoofing vulnerability in the Edge browser.


Elsewhere, Microsoft also closed out two information disclosure flaws in Microsoft OneDrive for Android, one spoofing vulnerability in Office for Android, one security bypass bug in Microsoft OneDrive for iOS, and one privilege escalation issue in OneDrive for macOS.

Rounding off the list are patches for two high-severity vulnerabilities in the Trusted Platform Module (TPM) 2.0 reference library specification (CVE-2023-1017 and CVE-2023-1018, CVSS scores: 8.8) that could lead to information disclosure or privilege escalation.

Software Patches from Other Vendors

Aside from Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including
