My TechDecisions Podcast Episode 190: March 2023 Patch Tuesday
Satnam Narang, senior staff research engineer at Tenable, joins the podcast to discuss Microsoft's March 2023 Patch Tuesday.
In this episode of the My TechDecisions Podcast, we discuss the March 2023 Patch Tuesday security updates from Microsoft with Satnam Narang, a senior staff research engineer at Tenable.
According to Narang, IT admins should largely be focusing on two vulnerabilities that are being exploited in the wild: an Outlook spoofing bug discovered by Ukrainian researchers and a Windows SmartScreen security feature bypass flaw that is reportedly being used to deploy ransomware.
While Narang dives deeper into the bugs, here is some information about them:
CVE-2023-23397 – Microsoft Outlook Spoofing Vulnerability
This bug is getting a lot of attention from security researchers. It has a CVSSv3 score of 9.8 and has been exploited in the wild, which makes it a top priority for IT and security admins this month. The vulnerability is exploited by sending a malicious email to a vulnerable version of Outlook. When the server processes the email, a connection to an attacker-controlled device is established to leak the Net-NTLMv2 hash of the email recipient. The attacker can then use the hash to authenticate as the victim recipient in an NTLM relay attack.
What makes this even more interesting is that the discovery of this vulnerability is credited to the Computer Emergency Response Team of Ukraine and Microsoft researchers. Given what is currently happening in Ukraine, this bug could be significant.
CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability
This is the other vulnerability listed as under active attack, but it doesn’t appear to be as severe as the Outlook spoofing bug. The flaw allows attackers to create files that bypass Mark of the Web protections, rendering features like SmartScreen and Protected View in Microsoft Office useless and allowing threat actors to spread malware via crafted documents and other files.
This bug was discovered by Google’s Threat Analysis Group (TAG), which says ransomware groups are using the vulnerability to deliver the Magniber ransomware without any security warnings.
Other notable bugs include an ICMP remote code execution vulnerability and an HTTP protocol state remote code execution bug.
Microsoft also released fixes for 74 other vulnerabilities, including 25 remote code execution bugs.
For more information on the March 2023 Patch Tuesday release, consult Microsoft’s Security Update Guide and analysis from Tenable.