Microsoft Monthly Security Update – 15 Mar 2023

In Cyber Security by Matsco Engineering Team


Microsoft have released a security advisory on the 15th of March 2023 in line with their regular monthly patch schedule which includes a number of updates to address two (2) high risk, five (5) medium risk and two (2) low risk vulnerabilities. 

These updates address vulnerabilities which may impact services through Denial of Service, Elevation of Privilege, Remote Code Execution, Security Restriction Bypass, Information Disclosure and Spoofing. 

For more information please see: Microsoft Security Update​

This release consists of security updates for the following products, features and roles:

 

  • Azure
  • Client Server Run-time Subsystem (CSRSS)
  • Microsoft Bluetooth Driver
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft OneDrive
  • Microsoft PostScript Printer Driver
  • Microsoft Printer Drivers
  • Microsoft Windows Codecs Library
  • Office for Android
  • Remote Access Service Point-to-Point Tunneling Protocol
  • Role: DNS Server
  • Role: Windows Hyper-V
  • Service Fabric
  • Visual Studio
  • Windows Accounts Control
  • Windows Bluetooth Service
  • Windows Central Resource Manager
  • Windows Cryptographic Services
  • Windows Defender
  • Windows HTTP Protocol Stack
  • Windows HTTP.sys
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kernel
  • Windows Partition Management Driver
  • Windows Point-to-Point Protocol over Ethernet (PPPoE)
  • Windows Remote Procedure Call
  • Windows Remote Procedure Call Runtime
  • Windows Resilient File System (ReFS)
  • Windows Secure Channel
  • Windows Secure Channel
  • Windows SmartScreen
  • Windows TPM
  • Windows Win32K


There are currently two active high risk vulnerabilities:

CVE-2023-24880  – The vulnerability can be exploited by using malicious MSI files that trigger security restriction bypass.

CVE-2023-23397 – The vulnerability can be exploited by sending malicious Outlook notes and tasks to steal NTLM hashes. 

Matsco recommends any affected systems are updated as soon as convenient 

Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090

Share this Post