Discover what’s new in Lansweeper – Explore our 2024 Summer Launch! 🚀 Learn more

TRY NOW
Patch Tuesday

Microsoft Patch Tuesday – March 2023

7 min. read
14/03/2023
By Esben Dochy
Microsoft-Patch-Tuesday-May-2022

Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The March 2023 edition of Patch Tuesday brings us 80 fixes, with 9 rated as critical. We’ve listed the most important changes below.

⚡ TL;DR | Go Straight to the March 2023 Patch Tuesday Audit Report

Microsoft Outlook Elevation of Privilege Vulnerability

The most pressing vulnerability this month is one in Microsoft Outlook. CVE-2023-23397 has already been exploited, so it is important to update as soon as possible. Do keep in mind that, unfortunately, Lansweeper cannot report on the KB updates that address this vulnerability. Microsoft mentions the following about the exploitation process:

External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers’ control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.

Another piece of useful information is that the Outlook Preview Pane is not an attack vector. Exploitation of this vulnerability can take place before the email is viewed in the Preview Pane.

Lastly, there are alternative mitigation options, such as adding users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism or block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings.

ICMP Remote Code Execution Vulnerability

CVE-2023-23415 is another critical vulnerability fixed this month. With a CVSS base score of 9.8, it’s close to hitting the most severe rating possible. This Internet Control Message Protocol (ICMP) Remote Code Execution vulnerability has not yet been exploited according to Microsoft, but it is more likely to be exploited in the future.

Microsoft lists that in order to exploit this vulnerability, an attacker needs to send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine.

HTTP Protocol Stack Remote Code Execution Vulnerability

The third critical vulnerability is one in the HTTP protocol stack. CVE-2023-23392 also has a CVSS score of 9.8 and is also not yet exploited but is more likely to be exploited in the future. The “good” news is that only Windows Server 2022 is vulnerable.

To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.

While updating is the easy way to prevent exploitation, you can opt to mitigate the vulnerability by disabling HTTP/3 if it is enabled.

Run the Patch Tuesday March 2023 Audit

To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Patch Tuesday March 2023 CVE Codes & Titles

CVE NumberCVE Title
CVE-2023-24930Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability
CVE-2023-24923Microsoft OneDrive for Android Information Disclosure Vulnerability
CVE-2023-24922Microsoft Dynamics 365 Information Disclosure Vulnerability
CVE-2023-24921Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-24920Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-24919Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-24913Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24911Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24910Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-24909Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24908Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-24907Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24906Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24892Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
CVE-2023-24891Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-24890Microsoft OneDrive for iOS Security Feature Bypass Vulnerability
CVE-2023-24882Microsoft OneDrive for Android Information Disclosure Vulnerability
CVE-2023-24880Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-24879Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-24876Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24872Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24871Windows Bluetooth Service Remote Code Execution Vulnerability
CVE-2023-24870Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24869Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-24868Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24867Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24866Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24865Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24864Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability
CVE-2023-24863Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24862Windows Secure Channel Denial of Service Vulnerability
CVE-2023-24861Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-24859Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
CVE-2023-24858Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24857Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24856Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-23946GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability
CVE-2023-23618GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability
CVE-2023-23423Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-23422Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-23421Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-23420Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-23419Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2023-23418Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2023-23417Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2023-23416Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2023-23415Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
CVE-2023-23414Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
CVE-2023-23413Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-23412Windows Accounts Picture Elevation of Privilege Vulnerability
CVE-2023-23411Windows Hyper-V Denial of Service Vulnerability
CVE-2023-23410Windows HTTP.sys Elevation of Privilege Vulnerability
CVE-2023-23409Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
CVE-2023-23408Azure Apache Ambari Spoofing Vulnerability
CVE-2023-23407Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
CVE-2023-23406Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-23405Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-23404Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-23403Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-23402Windows Media Remote Code Execution Vulnerability
CVE-2023-23401Windows Media Remote Code Execution Vulnerability
CVE-2023-23400Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-23399Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-23398Microsoft Excel Spoofing Vulnerability
CVE-2023-23397Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2023-23396Microsoft Excel Denial of Service Vulnerability
CVE-2023-23395Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-23394Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
CVE-2023-23393Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability
CVE-2023-23392HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2023-23391Office for Android Spoofing Vulnerability
CVE-2023-23389Microsoft Defender Elevation of Privilege Vulnerability
CVE-2023-23388Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2023-23385Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability
CVE-2023-23383Service Fabric Explorer Spoofing Vulnerability
CVE-2023-22743GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability
CVE-2023-22490GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability
CVE-2023-21708Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-1018CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability
CVE-2023-1017CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability
CVE-2022-43552Open Source Curl Remote Code Execution Vulnerability
CVE-2022-23825AMD: CVE-2022-23825 AMD CPU Branch Type Confusion
CVE-2022-23816AMD: CVE-2022-23816 AMD CPU Branch Type Confusion
CVE-2022-23257Windows Hyper-V Remote Code Execution Vulnerability

NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.