Microsoft Patch Tuesday – March 2023

Microsoft Patch Tuesday – 83 patches this month

This month’s Patch Tuesday has security updates to fix two actively exploited zero-days and a total of 83 vulnerabilities.
Fixes for multiple products were released as usual – including nine Critical severity vulnerabilities, which allow Remote Code Execution, Denial of Service, or Privilege Escalation.

The most important patches are:

CVE-2023-23397 – Microsoft Outlook Privilege Escalation. Specially crafted mails can force a target device to connect to a remote URL and pass the user’s NTLMv2 hash. The user does not have to open the mail; it only has to be delivered to the inbox of the Outlook client. This vulnerability affects multiple versions of Outlook from 2013 to the present Microsoft 365 version and should be patched ASAP. CVSS 3.1: 9.8 (Critical)

CVE-2023-24880 – Windows SmartScreen Security Feature Bypass. An attack exploiting this vulnerability would allow a malicious file to evade Mark-of-the-Web defenses, including Protected View in Microsoft Office. CVSS 3.1: 5.4 (High)

The 83 patches this month break down as follows:

  • 27 Remote Code Execution
  • 21 Privilege Escalation
  • 15 Information Disclosure
  • 10 Spoofing
  • 4 Denial of Service
  • 2 Security Feature Bypass
  • 1 Edge – Chromium

Affected Products

  • Azure
  • Client Server Run-time Subsystem (CSRSS)
  • Internet Control Message Protocol (ICMP)
  • Microsoft Bluetooth Driver
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft OneDrive
  • Microsoft PostScript Printer Driver
  • Microsoft Printer Drivers
  • Microsoft Windows Codecs Library
  • Office for Android
  • Remote Access Service Point-to-Point Tunneling Protocol
  • Role: DNS Server
  • Role: Windows Hyper-V
  • Service Fabric
  • Visual Studio
  • Windows Accounts Control
  • Windows Bluetooth Service
  • Windows Central Resource Manager
  • Windows Cryptographic Services
  • Windows Defender
  • Windows HTTP Protocol Stack
  • Windows HTTP.sys
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kernel
  • Windows Partition Management Driver
  • Windows Point-to-Point Protocol over Ethernet (PPPoE)
  • Windows Remote Procedure Call
  • Windows Remote Procedure Call Runtime
  • Windows Resilient File System (ReFS)
  • Windows Secure Channel
  • Windows SmartScreen
  • Windows TPM
  • Windows Win32K