Windows News
Microsoft's March 2023 Patch Tuesday has arrived, delivering critical security updates addressing 58 vulnerabilities across Windows, Edge, Office, and other Microsoft products. This month's update includes fixes for two zero-day vulnerabilities already being exploited in the wild, reinforcing the importance of prompt patching for enterprise and home users alike.
Overview of March 2023 Security Updates
Microsoft's monthly security release includes:
- 58 total vulnerabilities addressed
- 6 critical-rated vulnerabilities
- 49 important-rated vulnerabilities
- 2 zero-day vulnerabilities under active attack
- 3 publicly disclosed vulnerabilities
Critical Vulnerabilities Patched
The most severe vulnerabilities fixed this month include:
- CVE-2023-23397 (Critical): Outlook Elevation of Privilege Vulnerability
- Allows attackers to access Net-NTLMv2 hashes without user interaction
- Being actively exploited in limited targeted attacks
-
Affects all supported versions of Microsoft Outlook
-
CVE-2023-24880 (Critical): Windows SmartScreen Security Feature Bypass
- Could allow attackers to bypass Mark of the Web protections
-
Another zero-day under active exploitation
-
CVE-2023-23415 (Critical): Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
- Could allow remote code execution via specially crafted ICMP packets
- Requires no user interaction
Zero-Day Exploits Addressed
Microsoft confirmed two zero-day vulnerabilities being actively exploited before patches were available:
-
Outlook NTLM Hash Theft (CVE-2023-23397)
- Attackers send specially crafted emails that trigger automatically
- Leaks NTLM credentials to attacker-controlled servers
- No user interaction required -
Windows SmartScreen Bypass (CVE-2023-24880)
- Allows execution of malicious files despite security warnings
- Being used in ransomware and malware distribution campaigns
Notable Security Updates
Other important fixes in this release include:
- Microsoft Edge (Chromium-based) vulnerabilities
- Multiple security updates for Edge browser
-
Includes fixes for Chromium vulnerabilities
-
Office and SharePoint updates
- Fixes for remote code execution vulnerabilities
-
Information disclosure protections
-
Windows Kernel updates
- Multiple privilege escalation vulnerabilities patched
- Memory corruption fixes
Patch Deployment Recommendations
Security experts recommend:
- Enterprise environments:
- Prioritize patching Outlook vulnerabilities immediately
- Test and deploy Windows updates within 72 hours
-
Monitor for unusual NTLM authentication attempts
-
Home users:
- Enable automatic updates if not already configured
- Manually check for updates if using deferred update channels
- Be extra cautious with email attachments until patched
Long-Term Security Implications
The Outlook vulnerability (CVE-2023-23397) is particularly concerning because:
- It bypasses all security warnings and requires no user interaction
- Stolen NTLM hashes can be used in pass-the-hash attacks
- The attack leaves minimal forensic evidence
Microsoft has provided detection guidance in their advisory, including PowerShell scripts to scan for exploitation attempts.
Additional Security Enhancements
Beyond vulnerability fixes, this update includes:
- Improved ransomware protections in Windows Defender
- Enhanced memory protections for Office applications
- Additional hardening for Windows authentication processes
Update Methods
Users can obtain these security updates through:
- Windows Update (Settings > Update & Security)
- Microsoft Update Catalog
- WSUS for enterprise deployments
- Configuration Manager for managed environments
Looking Ahead
With two zero-days already being exploited in March, security teams should:
- Review their patch management processes
- Consider additional NTLM hardening measures
- Monitor for new exploit variants that might emerge
Microsoft continues to recommend enabling multi-factor authentication and network segmentation as additional protective measures beyond patching.