This Month’s Patch Tuesday Drop Has A Ton Of Fixes That Should Make You Patch Everything Immediately

As I type this I am installing this month’s Patch Tuesday updates on all of my hardware and VMs that run Microsoft software. And according to Bleeping Computer, it’s a good thing that I am:

Today is Microsoft’s March 2023 Patch Tuesday, and security updates fix two actively exploited zero-day vulnerabilities and a total of 83 flaws.

Nine vulnerabilities have been classified as ‘Critical’ for allowing remote code execution, denial of service, or elevation of privileges attacks.

The number of bugs in each vulnerability category is listed below:

  • 21 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 27 Remote Code Execution Vulnerabilities
  • 15 Information Disclosure Vulnerabilities
  • 4 Denial of Service Vulnerabilities
  • 10 Spoofing Vulnerabilities
  • 1 Edge – Chromium Vulnerability

This count does not include twenty-one Microsoft Edge vulnerabilities fixed yesterday.

Gal Sadeh, Head of Data and Security Research at Silverfort, has this view of some of the vulnerabilities fixed in this dump:

     “A critical RCE vulnerability in Remote Procedure Call Runtime, CVE-2023-21708, should be a priority for security teams as it allows unauthenticated attackers to run remote commands on a target machine. Threat actors could use this to attack Domain Controllers, which are open by default. To mitigate this, we recommend Domain Controllers only allow RPC from authorized networks and RPC traffic to unnecessary endpoints and servers is limited.

Being exploited in the wild, a vulnerability in Windows Defender SmartScreen (CVE-2023-24880) allows attackers to subvert in-built Windows protections blocking untrustworthy files. The usual checks on reputation and source of files are bypassed, allowing malicious programs to run. This new threat is similar to another actively exploited SmartScreen vulnerability, patched by Microsoft in December 2022.

Another critical vulnerability, CVE-2023-23415, poses a serious risk as it allows attackers to exploit a flaw in Internet Control Message Protocol – which is often not restricted by firewalls – to gain remote code execution on exposed servers using a malicious packet. Requiring the targeting of a raw socket – any organization using such infrastructure should either patch or block ICMP packets at the firewall.”

Clearly it’s time to patch all the things. While the zero-days are the most concerning, there are other things here that you need to worry about.
