Today is the second Tuesday of March 2023, and it’s time to check out the latest security updates from Microsoft. As part of this month’s patch update, Microsoft fixes 80 vulnerabilities that impact several products in its portfolio. Nine of them are classified as ‘Critical’ because they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing; four are rated Moderate in severity, and the remaining 70 are Important. The vendor reported two actively exploited vulnerabilities: a Microsoft Outlook privilege escalation flaw (CVE-2023-23397, CVSS score: 9.8) and a Windows SmartScreen security feature bypass (CVE-2023-24880, CVSS score: 5.1).
Microsoft patched 80 CVEs in its March 2023 Patch Tuesday Release, with nine rated as critical and 70 rated as important.
Microsoft March 2023 Patch Tuesday
With today’s update, Microsoft patched several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, Spoofing and Tampering.
The number of bugs in each vulnerability category is listed below:
Vulnerability Category | Quantity | Severities |
---|---|---|
Spoofing Vulnerability | 10 | Important: 6 |
Denial of Service Vulnerability | 4 | Important: 3 Critical: 1 |
Elevation of Privilege Vulnerability | 21 | Important: 18 Critical: 3 |
Information Disclosure Vulnerability | 15 | Important: 15 |
Remote Code Execution Vulnerability | 27 | Important: 22 Critical: 5 |
Security Feature Bypass Vulnerability | 2 | Important: 1 |
This is in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks.
A crucial part of this month’s security updates consists of patches for two actively exploited zero-day vulnerabilities, which were publicly disclosed.
- CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability
- CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2023-1017 and CVE-2023-1018 – TPM2.0 Module Library Elevation of Privilege Vulnerability
- CVE-2023-21708 – Remote Procedure Call Runtime Remote Code Execution Vulnerability
- CVE-2023-23392 – HTTP Protocol Stack Remote Code Execution Vulnerability
- CVE-2023-23404 – Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2023-23411 – Windows Hyper-V Denial of Service Vulnerability
- CVE-2023-23415 – Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
- CVE-2023-23416 – Windows Cryptographic Services Remote Code Execution Vulnerability
Recent updates from other companies
Other vendors who released updates in February 2023 include:
- Apple released a security update for GarageBand for macOS 10.4.8.
- Cisco released security updates for multiple products.
- Google released the Android March 2023, ChromeOS, and Google Chrome security updates.
- Fortinet released a security update for a FortiOS bug that is actively exploited in attacks.
- SAP has released its March 2023 Patch Day updates.
- Veeam released security updates for an RCE flaw in Veeam Backup & Replication (VBR).
Windows security updates
In addition to Microsoft security updates, this March 2023 Patch Tuesday update also brings Windows 11 and Windows 10 cumulative updates. That includes KB5023706 and KB5023698 for Windows 11 and KB5023696 for Windows 10 version 22H2. If you are running any of these Windows versions, make sure you update them by installing the new patches.
Windows 11 KB5023706 and KB5023698
Today’s cumulative update KB5023706 brings the Moment 2 updates and advances the build number to 22621.1413. Windows 11 KB5023706 brings Moment features, including tabbed Notepad, Phone Link for iOS, a searchable Task Manager, the tablet-optimized taskbar, screen recording in the Snipping Tool, Voice Assist, and much more.
In addition, Microsoft noted that KB5023706 and KB5023698 address security issues for your Windows operating system. They also fix an issue that affects a computer account and Active Directory: when you reuse an existing computer account to join an Active Directory domain, joining fails.
- A bug that randomly stopped users from signing in or signing out has been fixed.
- This update addresses an issue that changes the Color filters setting to Grayscale when you select Inverted.
- For IE mode users, Microsoft has addressed an issue that sometimes makes text on the status bar invisible.
- Microsoft fixed an issue causing a blue screen during video playback after setting high dynamic range (HDR) on your display.
- Microsoft fixed an issue that might prevent you from using a touch keyboard and the PIN entry keyboard to sign in to your device.
- This update addresses an issue that affects which folders appear in the Browse for Folder picker.
- A File Explorer issue that fails to move the input focus when using Shift+Tab or Shift+F6 has been fixed.
- The volume up and down commands from a Bluetooth keyboard are now displayed in the Windows user interface.
- This update addresses an issue that affects Xbox subscriptions when you buy a subscription using the “Redeem code” option, and recurring billing is off.
Microsoft noted three known issues with these updates. The first of them impacts provisioning packages, while the second makes it harder to copy large files on devices that have already been updated to version 2022 Update.
In addition, a bug prevents some users from downloading Windows 11 version 22H2 through Windows Server Update Services (WSUS) servers.
You can read the complete changelog on the Microsoft support blog here.
Windows 10 KB5023696 and KB5023702
Cumulative update KB5023696 for Windows 10 contains miscellaneous security improvements to internal OS functionality. Although Microsoft is busy with the development of Windows 11, today’s update, Windows 10 OS build 19045.2728, comes with a few noticeable changes, including a bug fix for an issue that causes Explorer and the taskbar to stop responding.
- This update improves your experience when you use Windows Spotlight on your lock screen. The informational links open faster.
- This update addresses an issue that affects IE mode. The text on the status bar is not always visible.
- This update addresses accessibility issues. They affect Narrator on the Settings home page.
- This update addresses an issue that stops hyperlinks from working in Microsoft Excel.
- This update addresses an issue that affects a certain streaming app. The issue stops video playback after an advertisement plays in the app.
You can read the complete changelog on the Microsoft support blog here.
Download the Windows 10 Cumulative update
All these security updates are automatically downloaded and installed on your device via Windows Update. If your device has not received them yet, open Settings, Update & Security, and Check for updates. Once done, restart your device to apply the updates.
- Windows 11 KB5023706 (Version 22H2) offline installer Direct Download Link 64-bit.
- Windows 11 KB5023698 (Version 21H2) offline installer Direct Download Link 64-bit.
- Windows 10 KB5023696 (For versions 21H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).
- Windows 10 KB5023702 (version 1809) Direct Download Links: 64-bit and 32-bit.
The above links open the Microsoft Update Catalog, which is the library of Windows Update offline installers. Click the ‘Download’ button next to the version of the OS installed on your machine and run the .msu file to begin installing the update.
If you face any difficulty while installing these updates, check how to fix Windows 10 Update installation problems.
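To confirm the update actually landed after the restart, the PowerShell check below compares the running build against the build numbers quoted in this article and falls back to a KB lookup for the versions whose build number the article does not give. It is an added example, not from Microsoft or the original article; the variable names are illustrative.

```powershell
# Added example: verify the March 2023 cumulative update on the local machine.
# KB numbers and build revisions are the ones quoted in the article above.
$marchKbs = 'KB5023706', 'KB5023698', 'KB5023696', 'KB5023702'

# Minimum revision (UBR) per OS build, only for builds the article states:
# Windows 11 22H2 = 22621.1413, Windows 10 22H2 = 19045.2728.
$minRevision = @{ 22621 = 1413; 19045 = 2728 }

# The running build and its update revision live in the registry.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR

# Get-HotFix only lists updates still recorded as installed. A later cumulative
# update supersedes these KBs, so a miss here is not proof of a missing patch.
$installed = Get-HotFix -Id $marchKbs -ErrorAction SilentlyContinue

if ($minRevision.ContainsKey($build)) {
    # Preferred check: the revision is at or above the March 2023 level.
    $patched = $ubr -ge $minRevision[$build]
    $basis   = "build $build.$ubr vs required $build.$($minRevision[$build])"
} else {
    # No build number on the page for this version: rely on the KB lookup.
    $patched = [bool]$installed
    $basis   = 'Get-HotFix lookup only (no build number given for this version)'
}

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Build    = "$build.$ubr"
    HotFixes = ($installed.HotFixID -join ', ')
    Patched  = $patched
    Basis    = $basis
}
```

A machine that reports `Patched = False` on the Get-HotFix basis may simply be running a newer cumulative update, so check its build against Microsoft's release notes before treating it as unpatched.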