
Microsoft’s Patch Tuesday for March 2023 provides security fixes for 83 bugs, 2 zero-day flaws




What just happened? Since 2003, Microsoft has used ‘Patch Tuesday’ as the unofficial name for the company’s monthly release of security bugfixes for Windows and other software products. For March 2023, Redmond fixed two nasty zero-day flaws that state-sponsored cyber-criminals and ransomware operations have already exploited in the wild.

This week, Microsoft released its latest collection of security fixes. Compared to February 2023, the latest batch of patches deals with an increasing number of vulnerabilities, including a couple of already exploited flaws.

Microsoft’s March security bulletin says this release includes fixes for many Windows components and security features, Hyper-V virtualization technology, Visual Studio, Office programs, and more. The update should fix 83 security flaws for Windows and other Microsoft software products.

Nine of the 83 weaknesses have been classified as “Critical,” meaning hackers could use them for various attacks. Considering the type of bug and the effect it has on Windows and other affected software, the vulnerabilities fall into the following categories: 21 Elevation of Privilege Vulnerabilities, 2 Security Feature Bypass Vulnerabilities, 27 Remote Code Execution Vulnerabilities, 15 Information Disclosure Vulnerabilities, 4 Denial of Service Vulnerabilities, 10 Spoofing Vulnerabilities, 1 Edge – Chromium Vulnerability.

That list does not include 21 vulnerabilities Microsoft already fixed in the Edge browser before the Patch Tuesday update. Bleeping Computer published a complete report listing all closed bugs and related advisories. The March patch included two zero-day bug fixes, which Microsoft confirmed hackers had actively exploited.

The first zero-day bug is “Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397).” If successfully exploited, the flaw allows access to a user’s Net-NTLMv2 hash, which a hacker can use “as a basis of an NTLM Relay attack against another service to authenticate as the user.” There is no need to read or preview an email, as the server would automatically trigger the flaw upon processing the message. Microsoft said the well-known Russian state-sponsored cyber gang “Strontium” exploited CVE-2023-23397 before it issued the patch.

The second zero-day flaw is the “Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-24880).” Microsoft explains that an attacker can exploit this bug by crafting a malicious file that would evade Mark of the Web (MOTW) defenses in the Protected View feature of Microsoft Office. Google researchers discovered CVE-2023-24880, saying hackers exploited it using Magniber ransomware, noting that it is related to a previous zero-day bug (CVE-2022-44698) Microsoft fixed in December.

Microsoft distributed its latest updates through the official Windows Update service, update management systems such as WSUS, and as direct (albeit massive) downloads through the Microsoft Update Catalog. Other software companies releasing security updates in sync with Microsoft’s Patch Tuesday include Apple, Cisco, Google, Fortinet, SAP, and backup giant Veeam.

