Vulnerability Watch

Forum Discussion

scaveza's avatar
scaveza
Product Team
3 years ago

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)

On March 14, Microsoft released its March 2023 Patch Tuesday update. Microsoft released patches for 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed. Of these 76 CVEs, nine were rated as critical, 66 rated as important and one was rated as moderate. 

Highlights from this month include CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook that was assigned a CVSSv3 score of 9.8 and was exploited in the wild. In addition, another zero-day vulnerability was patched this month. CVE-2023-24880 is a Windows SmartScreen Security Feature Bypass vulnerability in Windows operating systems that was assigned a CVSSv3 score of 5.4. The vulnerability has been publicly disclosed and was exploited in the wild.

This month’s update includes patches for the following products :

  • Azure
  • Client Server Run-time Subsystem (CSRSS)
  • Internet Control Message Protocol (ICMP)
  • Microsoft Bluetooth Driver
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft OneDrive
  • Microsoft PostScript Printer Driver
  • Microsoft Printer Drivers
  • Microsoft Windows Codecs Library
  • Office for Android
  • Remote Access Service Point-to-Point Tunneling Protocol
  • Role: DNS Server
  • Role: Windows Hyper-V
  • Service Fabric
  • Visual Studio
  • Windows Accounts Control
  • Windows Bluetooth Service
  • Windows Central Resource Manager
  • Windows Cryptographic Services
  • Windows Defender
  • Windows HTTP Protocol Stack
  • Windows HTTP.sys
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kernel
  • Windows Partition Management Driver
  • Windows Point-to-Point Protocol over Ethernet (PPPoE)
  • Windows Remote Procedure Call
  • Windows Remote Procedure Call Runtime
  • Windows Resilient File System (ReFS)
  • Windows Secure Channel
  • Windows SmartScreen
  • Windows TPM
  • Windows Win32K

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts
No RepliesBe the first to reply

Recent Discussions