Microsoft Patch update

Microsoft regularly releases an anticipated batch of security patches and updates for various products and services on every second Tuesday of the month. And This has become known as the Microsoft security Patch Tuesday update, keep this tradition today 14 March 2023 second Tuesday of the month, and Microsoft has released 80 security fixes including two zero-day vulnerabilities. Eight of the vulnerabilities fixed today were classified as Critical as they enable attackers to achieve remote code execution, privilege elevation, or spoofing. Microsoft rates the rest of the 71 are rated important and one is rated Moderate in severity.

The March security update includes patches for:

  • 21 elevation of privilege (EoP) bugs, (Important: 22 Critical: 5)
  • 27 remote code execution (RCE) vulnerabilities, (29 Important and 9 Critical)
  • 15 information disclosure bugs, (important 15)
  • 2 security Feature Bypass Vulnerabilities (Important 1)
  • 4 denial of service bugs, (Important: 3 Critical: 1)
  • 10 spoofing Vulnerability (6 Important)

The list didn’t include 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks.

A total of 39 unique Microsoft products, features, and roles, including but not limited to Azure CLI, Microsoft Exchange Server Cumulative Update, Windows Endpoint, Windows Server, and Windows Server 2022 Datacenter: Azure Edition (Hotpatch) were included in this release.

Notable and Critical Microsoft Vulnerabilities Patched

Two Zero-day Vulnerabilities

  • CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability
  • CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability (Zero-day Vulnerabilities)

Critical Severity Vulnerabilities Patched

  • CVE-2023-1017 and CVE-2023-1018 – TPM2.0 Module Library Elevation of Privilege Vulnerability
  • CVE-2023-21708 – Remote Procedure Call Runtime Remote Code Execution Vulnerability
  • CVE-2023-23392 – HTTP Protocol Stack Remote Code Execution Vulnerability
  • CVE-2023-23404 – Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
  • CVE-2023-23411 – Windows Hyper-V Denial of Service Vulnerability
  • CVE-2023-23415 – Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
  • CVE-2023-23416 – Windows Cryptographic Services Remote Code Execution Vulnerability

Other Microsoft Vulnerability Highlights

  • CVE-2023-23398 allows an attacker to trick a user into enabling content they cannot inspect. Using social engineering to convince a victim to download and open a specially constructed file from a website could result in a local attack on the victim’s computer.
  • CVE-2023-23410 is an elevation of privilege vulnerability in the HTTP.sys web server implementation. The flaw allows an attacker to gain SYSTEM privileges on successful exploitation.
  • CVE-2023-24861 is an elevation of privilege vulnerability in the Windows Graphic component. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker may gain SYSTEM privileges after exploiting this vulnerability.
  • CVE-2023-24876 is a remote code execution vulnerability that affects the Microsoft PostScript and PCL6 Class Printer Driver.

Recent updates from other companies

Third-party vendors such as Google, Apple, SAP, Cisco, Fortinet, and VMware have released updates after last month’s Patch Tuesday. Other vendors who released updates in February 2023 include:

Windows security updates

In addition to the security fixes, Microsoft has also published an update for the Windows Update service to improve its reliability and performance.

Windows 11

Microsoft fixes 54 vulnerabilities in Windows 11, where 8 of which are considered critical and 45 important and 1 moderate important.

  • HTTP Protocol Stack Remote Code Execution Vulnerability — CVE-2023-23392
  • CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability — CVE-2023-1017
  • CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability — CVE-2023-1018
  • Remote Procedure Call Runtime Remote Code Execution Vulnerability — CVE-2023-21708
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability — CVE-2023-23404
  • Windows Hyper-V Denial of Service Vulnerability — CVE-2023-23411
  • Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability — CVE-2023-23415
  • Windows Cryptographic Services Remote Code Execution Vulnerability — CVE-2023-23416

Windows 11 (version 22H2) – KB5023706 (OS Build 22621.1413). Manual download from Microsoft Update Catalog.

Cumulative Update KB5023706, brings the so-called MOMENT 2 UPDATE to Windows 11 advances the build number to 22621.1413

Installing Cumulative Update KB5023706 will be bumped to Windows 11 version 22621.1413 and include the following changes:

Windows 11 build 22621.1413

  • This update makes miscellaneous security improvements to internal OS functionality
  • Brings moment 2 features, including tabbed Notepad, Phone Link for iOS, a searchable Task Manager, the tablet-optimized taskbar, screen recording in the Snipping Tool, Voice Assist, and much more.
  • Addresses an issue that changes the Color filter setting to Grayscale when you select Inverted.
  • For IE mode users, Microsoft has addressed an issue that sometimes makes text on the status bar invisible.
  • Fixed an issue causing a blue screen during video playback after setting high dynamic range (HDR) on your display.
  • This update addresses an issue that affects which folders appear in the Browse for Folder picker.

Windows 10:

Windows 10 version 22H2 was affected by 52 vulnerabilities, 7 critical 44 important and 1 moderate.

  • Same as Windows 11

Windows 10 version 22H2 – KB5023696 (OS Build 19045.2728). Manual download from Microsoft Update Catalog. The same applies to windows 10 version 21H2.

Windows 10 version 1809 – KB5023702 (OS Build 17763.4131). Manual download from Microsoft Update Catalog.

Note. Versions 21H1, and 21H2, share a common base operating system version and have an identical set of system files. That is why they receive the same cumulative updates.

Installing Cumulative Update KB5023696 will be bumped to Windows 10 version 19045.2728 and include the following changes:

windows 10 build 19045.2604

  • Microsoft fixed an issue affecting cbs.log. This issue logged messages that were not errors in cbs.log.
  • Microsoft improved how the Remove-Item cmdlet works for Microsoft OneDrive folders.
  • Microsoft fixed an issue affecting AppV. It prevented file names from having the correct letter case (uppercase or lowercase).
  • Microsoft fixed an issue affecting Microsoft Edge. The issue removed conflicting policies for Microsoft Edge. This happened when you set the MDMWinsOverGPFlag in a Microsoft Intune tenant, and Intune detected a policy conflict.
  • Microsoft fixed an issue affecting Azure Active Directory (Azure AD). It caused bulk provisioning to fail when using a provisioning package.
  • Microsoft fixed an issue affecting MSInfo.exe. It incorrectly reported the Windows Defender Application Control (WDAC) user mode policy’s enforcement status.
  • Microsoft fixed an issue affecting the Local Security Authority Subsystem Service (LSASS). LSASS might stop responding. This happened after you ran Sysprep on a domain-joined machine.

You can read the complete changelog on the Microsoft support site here.

Windows 7 and windows 8.1 reached the End of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023

Download the windows 10 update

All these security updates are automatically downloaded and installed via windows update. Or you force Windows update from settings, update & security check for updates to install March 2023 patch updates immediately on your device.

Checking for windows updates

If you are Looking for Windows 10 22H2 Update ISO image click here Or check How to Upgrade to Windows 10 version 22H2 Using the media creation tool.

If you face any difficulty while installing these updates, Check Windows 10 Update troubleshooting guide to fix the windows 10 Cumulative update stuck downloading, failed to install with different errors, etc.

  • What time do Patch Tuesday patches come out?

Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.

Is Patch Tuesday weekly or monthly?

Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on April 11, 2023.

  • Why did the second Tuesday of every month call patch Tuesday?

The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.

  • What is the latest update for Windows 10 March 2023?

The latest windows 10 KB5023696 for version 22H2 and 21H2 and KB5023702 for windows 10 version 1809

  • What is the zero-day patch?

The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.

Also read:

SOURCEArticle Source