
March 2023 Patch Tuesday: Two Actively Exploited Bugs in Outlook, SmartScreen

Microsoft's March 2023 Patch Tuesday includes fixes for 76 vulnerabilities, two of which are being exploited in the wild.

March 14, 2023 Zachary Comeau

Microsoft’s March 2023 Patch Tuesday release includes fixes for 76 vulnerabilities in the company’s products, with two listed as being actively exploited, one of which is also listed as publicly known.

The number of bugs fixed by Microsoft this month is on par with the tech giant’s February security update, when it patched 75 vulnerabilities, including three that were being actively exploited.

Also similar in the March 2023 Patch Tuesday release was the number of remote code execution bugs, with 25 listed this month. Last month, there were 35 remote code execution vulnerabilities.

Based on analysis from researchers at Zero Day Initiative, Tenable and other security firms, here’s a look at the more notable vulnerabilities.

CVE-2023-23397 – Microsoft Outlook Spoofing Vulnerability

This bug is getting a lot of attention from security researchers. The bug gets a CVSSv3 score of 9.8 and has been exploited in the wild, which makes this a top priority for IT and security admins this month. The vulnerability is exploited by sending a malicious email to a vulnerable version of Outlook. When the server processes the email, a connection to an attacker-controlled device is established to leak the Net-NTLMv2 hash of the email recipient. This allows the attacker to use the hash to authenticate as the victim recipient in an NTLM relay attack.

According to Microsoft, this can occur before the email is viewed in Preview Pane, so no interaction from the victim is needed for the attack to be successful. Disabling the Preview Pane feature will have no impact.

What makes this even more interesting is that the discovery of this vulnerability is credited to the Computer Emergency Response Team of Ukraine and Microsoft researchers. Given what is currently happening in Ukraine, this bug could be significant.

CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability

This is the other vulnerability listed as under active attack, but it doesn’t appear to be as severe as the Outlook spoofing bug. This allows attackers to create files that can bypass Mark of the Web protections, rendering features like SmartScreen and Protected View in Microsoft Office useless and allowing threat actors to spread malware via crafted documents and other files.

This is listed as under active attack and could signify how attackers are adopting new methods of delivering malware since Microsoft has taken steps to prevent Office documents from being used for that purpose.

This bug was discovered by Google’s Threat Analysis Group (TAG), which says ransomware groups are using the vulnerability to deliver the Magniber ransomware without any security warnings. According to TAG, attackers are delivering MSI files signed with an invalid but specially crafted Authenticode signature. The malformed signature causes SmartScreen to return an error that results in bypassing the security warning dialog displayed to users when an untrusted file contains a Mark-of-the-Web (MotW), which indicates a potentially malicious file has been downloaded from the internet.

TAG says it has observed over 100,000 downloads of the malicious MSI files since January 2023. Microsoft in December 2022 patched a similar vulnerability after threat actors had been exploiting it since September 2022.
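
For defenders who want to triage endpoints for the delivery pattern TAG describes (MSI files that carry a Mark-of-the-Web and whose Authenticode signature does not verify), the following PowerShell sketch is an added example, not code from the article, Microsoft or TAG. The function names `Get-ZoneId` and `Find-SuspectMsi` are hypothetical, and the default search folder is an assumption.

```powershell
# Added triage example. Get-ZoneId and Find-SuspectMsi are hypothetical helper names.
function Get-ZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # MotW is stored in the NTFS alternate data stream "Zone.Identifier",
    # an INI-style text stream containing a line such as "ZoneId=3".
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $ads) { return $null }   # no stream: file has no MotW
    foreach ($line in $ads) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Find-SuspectMsi {
    # Assumption: users save downloads under their profile's Downloads folder.
    param([string]$Root = (Join-Path $env:USERPROFILE 'Downloads'))

    Get-ChildItem -LiteralPath $Root -Filter *.msi -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $zone = Get-ZoneId -Path $_.FullName
            # ZoneId 3 = Internet, 4 = Restricted sites.
            if ($null -ne $zone -and $zone -ge 3) {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                # Report every non-Valid status. The SigStatus column lets the
                # analyst separate plain unsigned files (NotSigned) from
                # signatures that are present but fail to verify.
                if ($sig.Status -ne 'Valid') {
                    [pscustomobject]@{
                        Path      = $_.FullName
                        ZoneId    = $zone
                        SigStatus = $sig.Status
                        Signer    = $sig.SignerCertificate.Subject
                        Sha256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    }
                }
            }
        }
}

Find-SuspectMsi | Format-Table -AutoSize
```

A hit is a lead for review, not proof of compromise: legitimate installers downloaded from the internet are sometimes unsigned or carry expired certificates.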

CVE-2023-23415 – Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability

This is a vulnerability in Windows operating systems that also gets a critical CVSSv3 score of 9.8. According to Tenable, the bug lies in the way the operating system handles ICMP packets when an application running on a vulnerable Windows host is bound to a raw socket. An attacker can exploit it by sending a malicious fragmented IP packet to a vulnerable target.

CVE-2023-23392 – HTTP Protocol Stack Remote Code Execution Vulnerability

Another bug getting attention this month is a CVSS 9.8-rated vulnerability that could allow a remote, unauthenticated attacker to execute code at the SYSTEM level without user interaction. Attackers can send a malicious packet to the target server, but the server must have HTTP/3 enabled and use buffered I/O. However, this is a common configuration for Windows 11 and Windows Server 2022.

There are six other critical-rated bugs patched this month, including vulnerabilities in Windows Cryptographic Services, Hyper-V, Windows Point-to-Point Tunneling Protocol and others.

For more information on the March 2023 Patch Tuesday release, consult Microsoft’s Security Update Guide and analysis from Tenable and Zero Day Initiative.

Tagged With: Cybersecurity, Microsoft, Patch management, Patch Tuesday
