Today’s VERT Alert addresses Microsoft’s March 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1046 on Wednesday, March 15th.
In-The-Wild & Disclosed CVEs
Up first this month is a publicly disclosed and exploited vulnerability impacting Windows SmartScreen (CVE-2023-24880). SmartScreen prompts you when you run certain files downloaded from the Internet, warning you to exercise caution before proceeding. It does this using the Zone.Identifier Alternate Data Stream (ADS), also known as the Mark of the Web. When the Zone Identifier is set to 3, SmartScreen knows that the file was downloaded from the Internet. This vulnerability allows attackers to craft malicious files that evade Mark of the Web defenses.
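The Zone.Identifier check described above can be reproduced for triage. This is an added example, not code from VERT or Microsoft: it parses the stream text and sorts files into Internet-marked, other-zone, or unmarked. The file names and stream contents are constructed samples, and the helper names are hypothetical.

```python
import configparser

# URL security zone numbers stored in the ZoneId field.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

def read_zone_stream(path):
    """Read a file's Zone.Identifier ADS on NTFS; None if it has none."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def parse_zone_identifier(text):
    """Parse stream text; return None when no usable ZoneId is present."""
    if not text or not text.strip():
        return None
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text.lstrip("\ufeff"))
        zone_id = int(parser.get("ZoneTransfer", "ZoneId"))
    except (configparser.Error, ValueError):
        return None  # missing section, missing key, or non-numeric ZoneId
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": parser.get("ZoneTransfer", "HostUrl", fallback=None)}

def triage(streams):
    """Map file name -> 'internet', 'other-zone' or 'unmarked'."""
    result = {}
    for name, text in streams.items():
        info = parse_zone_identifier(text)
        if info is None:
            result[name] = "unmarked"      # SmartScreen has no mark to act on
        elif info["zone_id"] == 3:
            result[name] = "internet"
        else:
            result[name] = "other-zone"
    return result

# Constructed sample stream contents (not taken from real files).
SAMPLES = {
    "invoice.msi": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://downloads.example.com/invoice.msi\r\n",
    "tool.exe": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "setup.msi": None,            # no stream at all
    "report.js": "ZoneId=3\r\n",  # malformed: section header missing
}
```

On a Windows host, passing `read_zone_stream(path)` results for a downloads folder into `triage` highlights files that arrived without a usable mark.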
This exploited, but not publicly disclosed, vulnerability in Microsoft Outlook (CVE-2023-23397) allows attackers to perform an NTLM relay attack. A malicious email can trigger the vulnerability when it is processed, before it even reaches the preview pane. Upon triggering, the email causes the victim to connect to an external UNC location controlled by the attacker. This reveals the victim's Net-NTLMv2 hash, allowing the attacker to relay the hash to another service and authenticate as the victim.
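Because the attack depends on the victim connecting to an external UNC location, outbound SMB from workstations to non-internal addresses is the network signal to look for. The following is an added detection example, not part of the original alert: the log layout, the internal ranges and the function names are assumptions, and the records are constructed using documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Assumption: the organisation's internal address space; adjust to your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
SMB_PORT = 445  # UNC paths are normally reached over SMB on TCP 445

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def parse_line(line):
    """Parse 'time src dst dport proto action' (hypothetical log layout)."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, dport, proto, action = parts
    try:
        return (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto.upper(), action.upper())
    except ValueError:
        return None  # unparseable address or port

def external_smb(lines):
    """Group outbound SMB attempts to non-internal hosts by source address."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, dport, proto, action = rec
        if (proto == "TCP" and dport == SMB_PORT
                and is_internal(src) and not is_internal(dst)):
            hits[str(src)].append((ts, str(dst), action))
    return dict(hits)

# Constructed sample records (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    "2023-03-15T09:12:01Z 10.1.4.23 203.0.113.50 445 TCP ALLOW",
    "2023-03-15T09:12:07Z 10.1.4.23 10.1.0.5 445 TCP ALLOW",     # internal file server
    "2023-03-15T09:13:44Z 10.1.7.80 198.51.100.9 445 TCP DENY",  # blocked at the edge
    "2023-03-15T09:14:02Z 10.1.7.80 198.51.100.9 443 TCP ALLOW", # not SMB
    "malformed record",
]
```

An `ALLOW` entry means the connection left the network and the account's credentials should be treated as exposed; a `DENY` entry shows the egress block worked but still identifies a host that processed a triggering message.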
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color-coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows HTTP Protocol Stack | 1 | CVE-2023-23392 |
| Microsoft PostScript Printer Driver | 18 | CVE-2023-24856, CVE-2023-23406, CVE-2023-23413, CVE-2023-24857, CVE-2023-24858, CVE-2023-24863, CVE-2023-24864, CVE-2023-24866, CVE-2023-24906, CVE-2023-24867, CVE-2023-24907, CVE-2023-24868, CVE-2023-24909, CVE-2023-24870, CVE-2023-24911, CVE-2023-24872, CVE-2023-24913, CVE-2023-24876 |
| Internet Control Message Protocol (ICMP) | 1 | CVE-2023-23415 |
| Windows Cryptographic Services | 1 | CVE-2023-23416 |
| Visual Studio | 4 | CVE-2023-22490, CVE-2023-23946, CVE-2023-22743, CVE-2023-23618 |
| Microsoft Dynamics | 6 | CVE-2023-24919, CVE-2023-24879, CVE-2023-24920, CVE-2023-24921, CVE-2023-24922, CVE-2023-24891 |
| Windows TPM | 2 | CVE-2023-1017, CVE-2023-1018 |
| Microsoft Office SharePoint | 1 | CVE-2023-23395 |
| Remote Access Service Point-to-Point Tunneling Protocol | 1 | CVE-2023-23404 |
| Microsoft Windows Codecs Library | 2 | CVE-2023-23401, CVE-2023-23402 |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | 3 | CVE-2023-23385, CVE-2023-23407, CVE-2023-23414 |
| Windows Secure Channel | 1 | CVE-2023-24862 |
| Microsoft Office Excel | 3 | CVE-2023-23396, CVE-2023-23398, CVE-2023-23399 |
| Microsoft Graphics Component | 1 | CVE-2023-24910 |
| Windows Kernel | 4 | CVE-2023-23420, CVE-2023-23421, CVE-2023-23422, CVE-2023-23423 |
| Microsoft Bluetooth Driver | 1 | CVE-2023-23388 |
| Windows Remote Procedure Call Runtime | 3 | CVE-2023-23405, CVE-2023-24908, CVE-2023-24869 |
| Windows Accounts Control | 1 | CVE-2023-23412 |
| Client Server Run-time Subsystem (CSRSS) | 2 | CVE-2023-23394, CVE-2023-23409 |
| Windows Defender | 1 | CVE-2023-23389 |
| Windows Partition Management Driver | 1 | CVE-2023-23417 |
| Windows SmartScreen | 1 | CVE-2023-24880 |
| Windows Remote Procedure Call | 1 | CVE-2023-21708 |
| Windows Central Resource Manager | 1 | CVE-2023-23393 |
| Microsoft OneDrive | 4 | CVE-2023-24923, CVE-2023-24882, CVE-2023-24930, CVE-2023-24890 |
| Role: DNS Server | 1 | CVE-2023-23400 |
| Service Fabric | 1 | CVE-2023-23383 |
| Windows Win32K | 1 | CVE-2023-24861 |
| Azure | 1 | CVE-2023-23408 |
| Microsoft Office Outlook | 1 | CVE-2023-23397 |
| Office for Android | 1 | CVE-2023-23391 |
| Mariner | 3 | CVE-2023-20052, CVE-2023-20032, CVE-2023-0567 |
| Windows Resilient File System (ReFS) | 2 | CVE-2023-23418, CVE-2023-23419 |
| Windows HTTP.sys | 1 | CVE-2023-23410 |
| Microsoft Printer Drivers | 2 | CVE-2023-23403, CVE-2023-24865 |
| Windows Bluetooth Service | 1 | CVE-2023-24871 |
| Role: Windows Hyper-V | 1 | CVE-2023-23411 |
| Microsoft Edge (Chromium-based) | 22 | CVE-2023-1213, CVE-2023-1214, CVE-2023-1215, CVE-2023-1216, CVE-2023-1217, CVE-2023-1218, CVE-2023-1219, CVE-2023-1220, CVE-2023-1221, CVE-2023-1222, CVE-2023-1223, CVE-2023-1224, CVE-2023-1228, CVE-2023-1229, CVE-2023-1230, CVE-2023-1231, CVE-2023-1232, CVE-2023-1233, CVE-2023-1234, CVE-2023-1235, CVE-2023-1236, CVE-2023-24892 |
| Windows Internet Key Exchange (IKE) Protocol | 1 | CVE-2023-24859 |
Other Information
At the time of publication, there were no new advisories included with the March Security Guidance.