Patch Tuesday – 9 critical CVEs & 2 zero-day vulnerabilities
For March, Microsoft released 76 CVEs new patches which is still more than expected for the third month of 2023. Out of all patches released, 9 are rated critical and 2 have been seen exploited in the wild. It’s also a bit unusual that half of them are addressing remote code execution (RCE) bugs.
Let’s take a closer look at the most interesting updates for this month.
Notable Critical Microsoft Vulnerabilities
Windows Hyper-V Denial of Service Vulnerability:
- CVE-2023-23411 is a Denial of Service Vulnerability affecting Hyper-V. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability:
- CVE-2023-23415 is a RCE vulnerability affecting ICMP that could be exploited by attackers through the use of a low-level protocol error containing a fragmented IP packet embedded with another ICMP packet in the header, directed towards the target machine. To activate the vulnerable code path, an application on the target system must be bound to a raw socket.
Windows Point-to-Point (P2P) Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2023-23404 is a RCE affecting P2P tunneling protocol. An unauthenticated attacker has the potential to exploit this vulnerability by sending a connection request specially crafted to a remote access server (RAS). This could potentially lead to a remote code execution on the targeted RAS machine.
Windows Cryptographic Services Remote Code Execution Vulnerability
- CVE-2023-23416 is a RCE Vulnerability that can be exploited if a malicious certificate is imported on an affected system. It has been rated as “less likely exploitable” because an attacker could achieve this by either uploading a certificate to a service that processes or imports certificates, or by persuading an authenticated user to import into their system.
HTTP Protocol Stack Remote Code Execution Vulnerability
- CVE-2023-23392 is another RCE Vulnerability affecting HTTP Protocol Stack in Windows 11 and Windows Server 2022. By utilizing the HTTP Protocol Stack (http.sys) to process packets, an unauthenticated attacker could send a specifically tailored packet to the targeted server.
Remote Procedure Call (RPC) Runtime Remote Code Execution Vulnerability
- CVE-2023-21708 is a RCE Vulnerability impacting RPC that could result in remote code execution on the server-side with the same permissions as the operating RPC service.
TPM2.0 Module Library Elevation of Privilege Vulnerability
- CVE-2023-1017 and CVE-2023-1018 are affecting the TPM2.0 Module Library. An out-of-bound write vulnerability allows the writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. If successfully exploited, an attacker can execute arbitrary code in the TPM context that can lead to denial of service by crashing the TPM chip/process or rendering it inoperable.
An actively exploited zero-day vulnerability covered by Runecast Analyzer is CVE-2023-24880 which is rated as Moderate and affects Windows SmartScreen. An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of security features like Protected View in Microsoft Office which depend on MOTW tagging. Microsoft explained: “When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check.”
It is highly recommended to keep all systems up to date in order to mitigate or minimize the risk of an unfortunate event.
Details of all 76 vulnerabilities are shown in the table below.
Runecast protects you against all of these
At Runecast we ensure that all operating systems vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safe and secure. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.
Runecast is an AI-powered platform that gives you complete visibility and control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, security and compliance to ensure every aspect of your environment is protected. In addition, Runecast also provides explicit instructions and generates custom remediation scripts, ensuring rapid compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Google Cloud, Kubernetes, and VMware environments and operates securely on-premises.
Meet other Runecasters here:
Run Secure and Compliant Workloads Anywhere
Detect and assess risks and be fully compliant in minutes.