Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The March 2023 edition of Patch Tuesday brings us 80 fixes, with 9 rated as critical. We’ve listed the most important changes below.
Microsoft Outlook Elevation of Privilege Vulnerability
The most pressing vulnerability this month is one in Microsoft Outlook. CVE-2023-23397 has already been exploited, so it is important to update as soon as possible. Do keep in mind that, unfortunately, Lansweeper cannot report on the KB updates that address this vulnerability. Microsoft mentions the following about the exploitation process:
External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.
Another piece of useful information is that the Outlook Preview Pane is not an attack vector. Exploitation of this vulnerability can take place before the email is viewed in the Preview Pane.
Lastly, there are alternative mitigation options: adding users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism, or blocking TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and your VPN settings.
ICMP Remote Code Execution Vulnerability
CVE-2023-23415 is another critical vulnerability fixed this month. With a CVSS base score of 9.8, it’s close to hitting the most severe rating possible. This Internet Control Message Protocol (ICMP) Remote Code Execution vulnerability has not yet been exploited according to Microsoft, but it is more likely to be exploited in the future.
Microsoft lists that in order to exploit this vulnerability, an attacker needs to send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine.
HTTP Protocol Stack Remote Code Execution Vulnerability
The third critical vulnerability is one in the HTTP protocol stack. CVE-2023-23392 also has a CVSS score of 9.8 and is also not yet exploited but is more likely to be exploited in the future. The "good" news is that only Windows Server 2022 is vulnerable.
To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
While updating is the easy way to prevent exploitation, you can opt to mitigate the vulnerability by disabling HTTP/3 if it is enabled.
Run the Patch Tuesday March 2023 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday March 2023 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability |
CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability |
CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability |
CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability |
CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability |
CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability |
CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability |
CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability |
CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability |
CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-23946 | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability |
CVE-2023-23618 | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability |
CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability |
CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability |
CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability |
CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability |
CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability |
CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability |
CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability |
CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability |
CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability |
CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability |
CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability |
CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability |
CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability |
CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability |
CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability |
CVE-2023-23391 | Office for Android Spoofing Vulnerability |
CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability |
CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability |
CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability |
CVE-2023-22743 | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability |
CVE-2023-22490 | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability |
CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability |
CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability |
CVE-2022-43552 | Open Source Curl Remote Code Execution Vulnerability |
CVE-2022-23825 | AMD: CVE-2022-23825 AMD CPU Branch Type Confusion |
CVE-2022-23816 | AMD: CVE-2022-23816 AMD CPU Branch Type Confusion |
CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability |