Service Notices
Microsoft Releases March 2023 Security Updates
Mar 16, 2023 GMT+08:00
I. Overview
Microsoft has released its March 2023 Security Updates. A total of 76 security vulnerabilities have been disclosed, among which 9 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include Microsoft Windows, Microsoft Office, Microsoft Exchange, and Windows HTTP.sys.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2023-Mar
The following vulnerabilities have been exploited by attackers:
Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-24880): 0-day vulnerability. An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses and allow the attacker to bypass security features. Currently, the vulnerability details have been disclosed, and the vulnerability has been exploited by wild attacks. The risk is high.
Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397): 0-day vulnerability. An attacker could send a specially crafted email to a victim system to exploit this vulnerability. Successful exploitation of this vulnerability allows the attacker to authenticate as the victim. This vulnerability has been exploited in the wild, and the risk is high.
6 vulnerabilities (such as CVE-2023-23415, CVE-2023-23392, and CVE-2023-23416) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, Microsoft Exchange, and Windows HTTP.sys.
IV. Vulnerability Details
CVE ID |
Vulnerability |
Severity |
Description |
CVE-2023-23415 |
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability |
Important |
An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. Successful exploitation of this vulnerability may allow arbitrary code execution on the target system. |
CVE-2023-23411 |
Windows Hyper-V Denial of Service Vulnerability |
Important |
Authenticated attackers can exploit this vulnerability to cause denial of service (DoS) on the target Hyper-V server. |
CVE-2023-1017 |
TPM2.0 Module Library Elevation of Privilege Vulnerability |
Important |
An authenticated attacker can write 2-byte data into the buffer. An attacker who could successfully exploit this vulnerability could cause denial of service or arbitrary code execution in the TPM context. An attacker could send a specially crafted TPM command to Hyper-V to trigger the vulnerability. Successful exploitation of this vulnerability may lead to privilege escalation. |
CVE-2023-1018 |
|||
CVE-2023-23416 |
Windows Cryptographic Services Remote Code Execution Vulnerability |
Important |
For successful exploitation, a malicious certificate needs to be imported to an affected system. An attacker could upload a certificate to a service that processes or imports certificates, or convince an authenticated user to import a certificate on their system. Successful exploitation of this vulnerability could allow the attacker to escalate its privilege and execute arbitrary code on the target system. |
CVE-2023-23392 |
HTTP Protocol Stack Remote Code Execution Vulnerability |
Important |
An unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets. Successful exploitation of this vulnerability could lead to arbitrary remote code execution on the target server. |
CVE-2023-23404 |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
Important |
An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. |
CVE-2023-23397 |
Microsoft Outlook Elevation of Privilege Vulnerability |
Important |
An attacker could send a specially crafted email to a victim system to exploit this vulnerability. Successful exploitation of this vulnerability allows the attacker to authenticate as the victim. |
CVE-2023-21708 |
Remote Procedure Call Runtime Remote Code Execution Vulnerability |
Important |
To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. Blocking TCP port 135 at the enterprise perimeter firewall is a recommended best practice that could reduce the likelihood of some potential attacks against this vulnerability. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.