Microsoft has just released its cumulative security update for March 2023, casually known as Patch Tuesday.
In this month’s fix, the company addressed a total of 83 flaws, including nine critical vulnerabilities and two zero-day flaws that are being actively exploited in the wild.
Breaking the patch down, Microsoft said it addressed 21 elevation of privilege issues, 2 security feature bypass flaws, 27 remote code execution vulnerabilities, 4 denial of service flaws, 10 spoofing flaws, and one Microsoft Edge / Chromium flaw.
But perhaps the most important fixes are two zero-day vulnerabilities: flaws that were previously undisclosed and abused without victims knowing how to address them.
This month’s zero-days include CVE-2023-23397, an elevation of privilege vulnerability found in Outlook, and CVE-2023-24880, a security feature bypass vulnerability found in Windows SmartScreen.
With the Outlook flaw, threat actors were creating emails that forced the target endpoint to connect to a remote URL and transmit the Windows account’s Net-NTLMv2 hash.
“External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers’ control,” Microsoft explained.
“This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.” The company added that a known threat actor, STRONTIUM, was abusing this flaw.
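For defenders triaging this issue, the check below flags UNC paths whose server sits outside the organisation, which is the "external UNC location" Microsoft describes. It is an added example, not code from Microsoft or from this article. It assumes the UNC strings were already extracted from messages or logs by another tool, and the internal ranges and the `.corp.example` suffix are hypothetical.

```python
import ipaddress
import re

# Assumption: address ranges and DNS suffixes this organisation treats as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]
INTERNAL_SUFFIXES = (".corp.example",)  # hypothetical internal domain

# Matches \\server\share\... and the long form \\?\UNC\server\share\...
UNC_RE = re.compile(r"^\\\\(?:\?\\UNC\\)?([^\\/]+)[\\/]", re.IGNORECASE)


def unc_host(path):
    """Return the lower-cased server part of a UNC path, or None if not UNC."""
    m = UNC_RE.match(path.strip())
    if not m or m.group(1) in (".", "?"):  # \\.\ and \\?\ are local device paths
        return None
    # WebDAV redirector syntax appends @SSL and/or @port to the server name.
    return m.group(1).split("@", 1)[0].lower()


def is_external(host):
    """True when the server is neither an internal address nor an internal name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Single-label (NetBIOS-style) names are treated as internal here.
        return "." in host and not host.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)


def flag_external_unc(paths):
    """Return the UNC paths whose server lies outside the organisation."""
    return [p for p in paths if (h := unc_host(p)) and is_external(h)]


# Constructed sample values, not taken from any real message or log.
SAMPLES = [
    r"\\fileserver01\share\file.dat",                  # single-label name
    r"\\files.corp.example\share\file.dat",            # internal DNS suffix
    r"\\10.20.30.40\share\file.dat",                   # RFC 1918 address
    r"\\203.0.113.7\share\file.dat",                   # address outside internal ranges
    r"\\host.outside.example@SSL@443\dav\file.dat",    # WebDAV form, outside name
    r"C:\Windows\Temp\file.dat",                       # local path, not UNC
]

if __name__ == "__main__":
    for hit in flag_external_unc(SAMPLES):
        print("external UNC target:", hit)
```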
The second zero-day, found in Windows SmartScreen, allowed hackers to bypass the Windows Mark of the Web warning. When a file is downloaded from the internet, it gets a “mark of the web” signaling that it might potentially be malicious.
“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,” Microsoft said.
(Except for the headline, this story has not been edited by PostX Digital and is published from a syndicated feed.)