Microsoft has released its March Patch Tuesday, which includes new fixes for 74 bugs, two of which are already actively exploited, and nine of which are rated critical.
The bugs in each vulnerability category are as follows: 21 Elevation of Privilege Vulnerabilities, 2 Security Feature Bypass Vulnerabilities, and 2 Remote Code Execution Vulnerabilities. There are 27 remote code execution vulnerabilities, 15 information disclosure vulnerabilities, 4 denial of service vulnerabilities, 10 spoofing vulnerabilities, and 1 vulnerability in Edge – Chromium.
CVE-2023-23397, a security flaw discovered in Microsoft Outlook, affects all versions of the software from 2013 to the most recent version. According to Microsoft, attackers have already exploited the vulnerability, and doing so requires no user interaction. An attacker sends a specially crafted email that activates automatically when it is retrieved by the email server, even before the email is opened in the Preview Pane.
“External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers’ control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim,” reads Microsoft’s advisory.
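As an added illustration (not code from Microsoft or from the original article), the following Python triages path values already extracted from mail items and flags any UNC path whose host lies outside the organisation, which is the condition the advisory describes. The internal DNS suffix, the address ranges treated as internal, and the sample records are assumptions constructed for the example.

```python
import ipaddress
import re

# Assumptions (hypothetical): what this organisation treats as internal.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# \\host\share or //host/share; the host may carry an @port / @SSL suffix.
UNC_RE = re.compile(r"^[\\/]{2}([^\\/]+)[\\/]+[^\\/]")


def unc_host(path):
    """Return the lower-cased host of a UNC path, or None if it is not UNC."""
    m = UNC_RE.match(path.strip())
    if not m:
        return None
    return m.group(1).split("@", 1)[0].rstrip(".").lower()


def is_external(host):
    """True when the host is neither an internal address nor an internal name."""
    try:
        ip = ipaddress.ip_address(host)
        return not any(ip in net for net in INTERNAL_NETS)
    except ValueError:
        pass                      # not an IP literal, treat as a name
    if "." not in host:           # single-label name resolves locally
        return False
    return not host.endswith(INTERNAL_SUFFIXES)


def flag_external_unc(records):
    """records: iterable of (item_id, path). Return items to investigate."""
    hits = []
    for item_id, path in records:
        host = unc_host(path)
        if host and is_external(host):
            hits.append((item_id, host))
    return hits


# Constructed sample values, not taken from any real mailbox.
SAMPLE = [
    ("msg-1", r"C:\Windows\Media\chimes.wav"),
    ("msg-2", r"\\fileserver\sounds\alert.wav"),
    ("msg-3", r"\\files.corp.example\sounds\alert.wav"),
    ("msg-4", r"\\203.0.113.10\share\a.wav"),
    ("msg-5", r"\\host.example.net@80\share\a.wav"),
]
```

Running `flag_external_unc(SAMPLE)` returns only `msg-4` and `msg-5`; items flagged this way are candidates for review, since the victim's client would have attempted to authenticate to that host.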
Another patched vulnerability that attackers are currently targeting is a security feature bypass in Windows SmartScreen (CVE-2023-24880, CVSS score: 5.1). The flaw could be used to bypass Mark-of-the-Web (MotW) protections when opening files downloaded from the internet that are considered untrustworthy. This vulnerability is the result of a recent patch issued by Microsoft to address another SmartScreen bypass vulnerability (CVE-2022-44698, CVSS score: 5.4) that was discovered last year and exploited by attackers to deliver Magniber ransomware for financial gain.
“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,” reads Microsoft’s advisory.
The sources for this piece include an article in TheRegister.