Microsoft regularly releases an anticipated batch of security patches and updates for various products and services on every second Tuesday of the month. And This has become known as the Microsoft security Patch Tuesday update, keep this tradition today 14 March 2023 second Tuesday of the month, and Microsoft has released 80 security fixes including two zero-day vulnerabilities. Eight of the vulnerabilities fixed today were classified as Critical as they enable attackers to achieve remote code execution, privilege elevation, or spoofing. Microsoft rates the rest of the 71 are rated important and one is rated Moderate in severity.
The March security update includes patches for:
- 21 elevation of privilege (EoP) bugs, (Important: 22 Critical: 5)
- 27 remote code execution (RCE) vulnerabilities, (29 Important and 9 Critical)
- 15 information disclosure bugs, (important 15)
- 2 security Feature Bypass Vulnerabilities (Important 1)
- 4 denial of service bugs, (Important: 3 Critical: 1)
- 10 spoofing Vulnerability (6 Important)
The list didn’t include 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks.
A total of 39 unique Microsoft products, features, and roles, including but not limited to Azure CLI, Microsoft Exchange Server Cumulative Update, Windows Endpoint, Windows Server, and Windows Server 2022 Datacenter: Azure Edition (Hotpatch) were included in this release.
Contents
Notable and Critical Microsoft Vulnerabilities Patched
Two Zero-day Vulnerabilities
- CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability
- CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability (Zero-day Vulnerabilities)
Critical Severity Vulnerabilities Patched
- CVE-2023-1017 and CVE-2023-1018 – TPM2.0 Module Library Elevation of Privilege Vulnerability
- CVE-2023-21708 – Remote Procedure Call Runtime Remote Code Execution Vulnerability
- CVE-2023-23392 – HTTP Protocol Stack Remote Code Execution Vulnerability
- CVE-2023-23404 – Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2023-23411 – Windows Hyper-V Denial of Service Vulnerability
- CVE-2023-23415 – Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
- CVE-2023-23416 – Windows Cryptographic Services Remote Code Execution Vulnerability
Other Microsoft Vulnerability Highlights
- CVE-2023-23398 allows an attacker to trick a user into enabling content they cannot inspect. Using social engineering to convince a victim to download and open a specially constructed file from a website could result in a local attack on the victim’s computer.
- CVE-2023-23410 is an elevation of privilege vulnerability in the HTTP.sys web server implementation. The flaw allows an attacker to gain SYSTEM privileges on successful exploitation.
- CVE-2023-24861 is an elevation of privilege vulnerability in the Windows Graphic component. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker may gain SYSTEM privileges after exploiting this vulnerability.
- CVE-2023-24876 is a remote code execution vulnerability that affects the Microsoft PostScript and PCL6 Class Printer Driver.
Recent updates from other companies
Third-party vendors such as Google, Apple, SAP, Cisco, Fortinet, and VMware have released updates after last month’s Patch Tuesday. Other vendors who released updates in February 2023 include:
- Apple released a security update for GarageBand for macOS 10.4.8.
- Cisco released security updates for multiple products.
- Google released the Android March 2023, ChromeOS, and Google Chrome security updates.
- Fortinet released a security update for a FortiOS bug that is actively exploited in attacks.
- SAP has released its March 2023 Patch Day updates.
- Veeam released security updates for a RCE flaw in Veeam Backup & Replication (VBR).
Windows security updates
In addition to the security fixes, Microsoft has also published an update for the Windows Update service to improve its reliability and performance.
Windows 11
Microsoft fixes 54 vulnerabilities in Windows 11, where 8 of which are considered critical and 45 important and 1 moderate important.
- HTTP Protocol Stack Remote Code Execution Vulnerability — CVE-2023-23392
- CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability — CVE-2023-1017
- CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability — CVE-2023-1018
- Remote Procedure Call Runtime Remote Code Execution Vulnerability — CVE-2023-21708
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability — CVE-2023-23404
- Windows Hyper-V Denial of Service Vulnerability — CVE-2023-23411
- Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability — CVE-2023-23415
- Windows Cryptographic Services Remote Code Execution Vulnerability — CVE-2023-23416
Windows 11 (version 22H2) – KB5023706 (OS Build 22621.1413). Manual download from Microsoft Update Catalog.
Cumulative Update KB5023706, brings the so-called MOMENT 2 UPDATE to Windows 11 advances the build number to 22621.1413
Installing Cumulative Update KB5023706 will be bumped to Windows 11 version 22621.1413 and include the following changes:
- This update makes miscellaneous security improvements to internal OS functionality
- Brings moment 2 features, including tabbed Notepad, Phone Link for iOS, a searchable Task Manager, the tablet-optimized taskbar, screen recording in the Snipping Tool, Voice Assist, and much more.
- Addresses an issue that changes the Color filter setting to Grayscale when you select Inverted.
- For IE mode users, Microsoft has addressed an issue that sometimes makes text on the status bar invisible.
- Fixed an issue causing a blue screen during video playback after setting high dynamic range (HDR) on your display.
- This update addresses an issue that affects which folders appear in the Browse for Folder picker.
Windows 10:
Windows 10 version 22H2 was affected by 52 vulnerabilities, 7 critical 44 important and 1 moderate.
- Same as Windows 11
Windows 10 version 22H2 – KB5023696 (OS Build 19045.2728). Manual download from Microsoft Update Catalog. The same applies to windows 10 version 21H2.
Windows 10 version 1809 – KB5023702 (OS Build 17763.4131). Manual download from Microsoft Update Catalog.
Note. Versions 21H1, and 21H2, share a common base operating system version and have an identical set of system files. That is why they receive the same cumulative updates.
Installing Cumulative Update KB5023696 will be bumped to Windows 10 version 19045.2728 and include the following changes:
- Microsoft fixed an issue affecting cbs.log. This issue logged messages that were not errors in cbs.log.
- Microsoft improved how the Remove-Item cmdlet works for Microsoft OneDrive folders.
- Microsoft fixed an issue affecting AppV. It prevented file names from having the correct letter case (uppercase or lowercase).
- Microsoft fixed an issue affecting Microsoft Edge. The issue removed conflicting policies for Microsoft Edge. This happened when you set the MDMWinsOverGPFlag in a Microsoft Intune tenant, and Intune detected a policy conflict.
- Microsoft fixed an issue affecting Azure Active Directory (Azure AD). It caused bulk provisioning to fail when using a provisioning package.
- Microsoft fixed an issue affecting MSInfo.exe. It incorrectly reported the Windows Defender Application Control (WDAC) user mode policy’s enforcement status.
- Microsoft fixed an issue affecting the Local Security Authority Subsystem Service (LSASS). LSASS might stop responding. This happened after you ran Sysprep on a domain-joined machine.
You can read the complete changelog on the Microsoft support site here.
Windows 7 and windows 8.1 reached the End of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023
Download the windows 10 update
All these security updates are automatically downloaded and installed via windows update. Or you force Windows update from settings, update & security check for updates to install March 2023 patch updates immediately on your device.
If you are Looking for Windows 10 22H2 Update ISO image click here Or check How to Upgrade to Windows 10 version 22H2 Using the media creation tool.
If you face any difficulty while installing these updates, Check Windows 10 Update troubleshooting guide to fix the windows 10 Cumulative update stuck downloading, failed to install with different errors, etc.
- What time do Patch Tuesday patches come out?
Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.
Is Patch Tuesday weekly or monthly?
Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on April 11, 2023.
- Why did the second Tuesday of every month call patch Tuesday?
The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.
- What is the latest update for Windows 10 March 2023?
The latest windows 10 KB5023696 for version 22H2 and 21H2 and KB5023702 for windows 10 version 1809
- What is the zero-day patch?
The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.
Also read:
- How to Setup And Configure an FTP server on Windows 10 step by step Guide
- Fix the “Critical Process Died” Stop Code 0x000000EF in Windows 10
- How to fix Laptop Touch screen not working on windows 10
- Fix System Idle Process high CPU usage on Windows 10
- iTunes Not Working on Windows 10? Here 5 Different iTunes problems and solutions