
Microsoft releases 73 fixes this month including 6 Critical and 2 Weaponised Threats
There are 6 Critical, 66 Important and just 1 Moderate fix this month.
Microsoft Windows, Components, Office and Office Components, Edge, Microsoft Dynamics, Visual Studio and Azure have all received fixes this month.
Robert Brown, Head of Customer Success for Syxsense said, “We have a pair of Weaponised vulnerabilities to fix this month and we also have a very large number of fixes impacting PostScript and PCL6 Class Printer Drivers. Careful testing must be done to ensure no printing issues are experienced following patching. We also have 5 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical) and if you count all the individual CVSS scores together, March has a combined CVSS score of 529.6 down from 565.9 last month.”
Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.
CVE-2023-24880 Windows SmartScreen Security Feature Bypass Vulnerability
When you download a file from the internet, Windows adds the zone identifier, or Mark of the Web, to the file as an NTFS Alternate Data Stream (ADS). When you run the file, Windows SmartScreen checks whether a zone identifier ADS is attached to it. If the ADS indicates ZoneId=3, which means that the file was downloaded from the internet, SmartScreen does a reputation check.
Note: The vulnerability is being Weaponised
Syxscore
- Vendor Severity: Moderate
- CVSS: 5.4
- Weaponised: Yes
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: Required
- Scope (Jump Point): Unchanged / No
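The Mark of the Web check described for CVE-2023-24880 above, as an added example (not code from Syxsense or Microsoft): a Python triage helper that parses a file's Zone.Identifier stream and reports whether it carries the ZoneId=3 marking that leads to a SmartScreen reputation check. The function names, verdict labels and sample streams are constructed for illustration.

```python
import configparser

# URL security zone numbers used in the ZoneId field.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}


def read_motw(path):
    """Return the raw Zone.Identifier stream of a file, or None if absent.

    Only NTFS on Windows exposes the stream; elsewhere open() fails -> None.
    """
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return fh.read()
    except OSError:
        return None


def parse_motw(stream_text):
    """Parse stream text into zone_id/zone/host_url; None if unusable."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        section = parser["ZoneTransfer"]
        zone_id = int(section["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": section.get("HostUrl")}


def classify(stream_text):
    """Map a file's stream (None = no stream) to a triage verdict."""
    if stream_text is None:
        return "no-motw"            # no zone identifier attached to the file
    info = parse_motw(stream_text)
    if info is None:
        return "malformed-motw"     # stream exists but has no usable ZoneId
    if info["zone_id"] == 3:
        return "reputation-check"   # ZoneId=3: downloaded from the internet
    return "other-zone:" + info["zone"]


# Constructed sample streams (not taken from real files).
SAMPLES = {
    "setup.exe": "[ZoneTransfer]\r\nZoneId=3\r\n"
                 "HostUrl=https://downloads.example.test/setup.exe?v=1\r\n",
    "report.docm": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "tool.msi": "ZoneId=3\r\n",     # section header missing
    "notes.js": None,               # no stream at all
}


def triage(samples):
    """Classify every (name -> stream text) pair."""
    return {name: classify(text) for name, text in samples.items()}
```

On a Windows NTFS volume, `classify(read_motw(path))` applies the same triage to a real file; downloaded files that come back `no-motw` or `malformed-motw` are the ones worth a closer look.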
CVE-2023-23397 Microsoft Outlook Spoofing Vulnerability
The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the email server. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.
Note: The vulnerability is being Weaponised
Syxscore
- Vendor Severity: Important
- CVSS: 9.1
- Weaponised: Yes
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): Unchanged / No
CVE-2023-23392 HTTP Protocol Stack Remote Code Execution Vulnerability
In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponised: No
- Public Aware: No
- Countermeasure: Yes
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): Unchanged / No
| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Vulnerability Impact | Likelihood of Weaponization | Additional Details |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate | 5.4 | Yes | Yes | No | Security Feature Bypass | Detected | |
| CVE-2023-23397 | Microsoft Outlook Spoofing Vulnerability | Important | 9.1 | Yes | No | No | Spoofing | Detected | The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the email server. This could lead to exploitation BEFORE the email is viewed in the Preview Pane. |
| CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Remote Code Execution | Less Likely | Blocking TCP port 135 at the enterprise perimeter firewall is a recommended best practice that could reduce the likelihood of some potential attacks against this vulnerability. |
| CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical | 9.8 | Yes | No | Yes - Enabling HTTP/3 done via a registry key. | Remote Code Execution | More Likely | |
| CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Remote Code Execution | More Likely | An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket. |
| CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Elevation of Privilege | Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Elevation of Privilege | Less Likely | An authenticated attacker with normal user permissions could use the Microsoft PS Class Driver to print a malicious XPS file, which could enable an elevation of privilege attack on the machine. |
| CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Remote Code Execution | Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical | 8.4 | No | No | No | Remote Code Execution | More Likely | |
| CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | Important | 8.2 | No | No | No | Spoofing | Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-23404 | Windows Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important | 8.1 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Less Likely | |
| CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Elevation of Privilege | Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important | 7.5 | No | No | No | Denial of Service | Less Likely | |
| CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-23398 | Microsoft Excel Security Feature Bypass Vulnerability | Important | 7.1 | No | No | No | Security Feature Bypass | More Likely | |
| CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important | 7.1 | No | No | No | Remote Code Execution | Less Likely | |
| CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Important | 7.0 | No | No | No | Elevation of Privilege | Less Likely | Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. |
| CVE-2023-23393 | Windows Broker Infrastructure Service Elevation of Privilege Vulnerability | Important | 7.0 | No | No | No | Elevation of Privilege | Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.0 | No | No | No | Elevation of Privilege | More Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical | 6.5 | No | No | No | Denial of Service | Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Important | 6.5 | No | No | No | Security Feature Bypass | Less Likely | |
| CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | Important | 6.5 | No | No | No | Information Disclosure | Less Likely | This vulnerability causes a verbose error message that could provide an attacker with enough information to construct a malicious payload. |
| CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | Elevation of Privilege | Less Likely | |
| CVE-2023-23391 | Office for Android Spoofing Vulnerability | Important | 5.5 | No | No | No | Spoofing | Less Likely | An attacker could manipulate a malicious link, application, or file to disguise it as a legitimate link or file to trick the victim. |
| CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important | 5.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. |
| CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | Important | 5.5 | No | No | No | Denial of Service | Less Likely | |
| CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important | 5.5 | No | No | No | Information Disclosure | Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Important | 5.5 | No | No | No | Denial of Service | Less Likely | |
| CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important | 5.5 | No | No | No | Information Disclosure | Less Likely | |
| CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important | 5.5 | No | No | No | Information Disclosure | Less Likely | |
| CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | No | Spoofing | Less Likely | |
| CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | No | Spoofing | Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | No | Spoofing | Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 5.4 | No | No | No | Spoofing | Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | Important | 4.5 | No | No | No | Spoofing | Less Likely | |
| CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 4.1 | No | No | No | Spoofing | Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 3.1 | No | No | No | Spoofing | Less Likely | |