For March, Microsoft released 76 CVEs new patches which is still more than expected for the third month of 2023. Out of all patches released, 9 are rated critical and 2 have been seen exploited in the wild. It’s also a bit unusual that half of them are addressing remote code execution (RCE) bugs.
Let’s take a closer look at the most interesting updates for this month.
Notable Critical Microsoft Vulnerabilities
Windows Hyper-V Denial of Service Vulnerability:
- CVE-2023-23411 is a Denial of Service Vulnerability affecting Hyper-V. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability:
- CVE-2023-23415 is a RCE vulnerability affecting ICMP that could be exploited by attackers through the use of a low-level protocol error containing a fragmented IP packet embedded with another ICMP packet in the header, directed towards the target machine. To activate the vulnerable code path, an application on the target system must be bound to a raw socket.
Windows Point-to-Point (P2P) Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2023-23404 is a RCE affecting P2P tunneling protocol. An unauthenticated attacker has the potential to exploit this vulnerability by sending a connection request specially crafted to a remote access server (RAS). This could potentially lead to a remote code execution on the targeted RAS machine.
Windows Cryptographic Services Remote Code Execution Vulnerability
- CVE-2023-23416 is a RCE Vulnerability that can be exploited if a malicious certificate is imported on an affected system. It has been rated as “less likely exploitable” because an attacker could achieve this by either uploading a certificate to a service that processes or imports certificates, or by persuading an authenticated user to import into their system.
HTTP Protocol Stack Remote Code Execution Vulnerability
- CVE-2023-23392 is another RCE Vulnerability affecting HTTP Protocol Stack in Windows 11 and Windows Server 2022. By utilizing the HTTP Protocol Stack (http.sys) to process packets, an unauthenticated attacker could send a specifically tailored packet to the targeted server.
Remote Procedure Call (RPC) Runtime Remote Code Execution Vulnerability
- CVE-2023-21708 is a RCE Vulnerability impacting RPC that could result in remote code execution on the server-side with the same permissions as the operating RPC service.
TPM2.0 Module Library Elevation of Privilege Vulnerability
- CVE-2023-1017 and CVE-2023-1018 are affecting the TPM2.0 Module Library. An out-of-bound write vulnerability allows the writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. If successfully exploited, an attacker can execute arbitrary code in the TPM context that can lead to denial of service by crashing the TPM chip/process or rendering it inoperable.
An actively exploited zero-day vulnerability covered by Runecast Analyzer is CVE-2023-24880 which is rated as Moderate and affects Windows SmartScreen. An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of security features like Protected View in Microsoft Office which depend on MOTW tagging. Microsoft explained: “When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check.”
It is highly recommended to keep all systems up to date in order to mitigate or minimize the risk of an unfortunate event.
Details of all 76 vulnerabilities are shown in the table below.
Tag | CVE ID | CVE Title | Severity |
Role: Windows Hyper-V | CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical |
Internet Control Message Protocol (ICMP) | CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical |
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Cryptographic Services | CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical |
Windows HTTP Protocol Stack | CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
Windows Remote Procedure Call | CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
Windows TPM | CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
Windows TPM | CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
Client Server Run-time Subsystem (CSRSS) | CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
Client Server Run-time Subsystem (CSRSS) | CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
Microsoft Bluetooth Driver | CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Windows Accounts Control | CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Important |
Windows Bluetooth Service | CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
Windows Central Resource Manager | CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Important |
Windows HTTP.sys | CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
Windows Internet Key Exchange (IKE) Protocol | CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
Windows Kernel | CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Partition Management Driver | CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Important |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Resilient File System (ReFS) | CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows Resilient File System (ReFS) | CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows Secure Channel | CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows SmartScreen | CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |
Windows Win32K | CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Runecast protects you against all of these
At Runecast we ensure that all operating systems vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safe and secure. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.
Runecast is an AI-powered platform that gives you complete visibility and control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, security and compliance to ensure every aspect of your environment is protected. In addition, Runecast also provides explicit instructions and generates custom remediation scripts, ensuring rapid compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Google Cloud, Kubernetes, and VMware environments and operates securely on-premises.
![Patch Tuesday – 9 critical CVEs & 2 zero-day vulnerabilities]()
Click to view larger image ↑
![]()
Click to view larger image ↑
![]()
Click to view larger image ↑
![]()
Click to view larger image ↑
![]()
Click to view larger image ↑
