“The March 2023 Patch Tuesday release includes fixes for 76 CVEs — nine rated critical, 66 rated important and one rated moderate. Tenable omitted four CVEs from our count that were assigned by GitHub.
“This month, Microsoft addressed two zero-day vulnerabilities that were exploited in the wild by attackers, which include an elevation of privilege flaw and a security feature bypass vulnerability.
“CVE-2023-23397 is a spoofing vulnerability in Microsoft Outlook that was exploited in the wild. While we often look for vulnerabilities in Outlook that are capable of being triggered by the Preview Pane functionality of the software, an attacker could exploit this vulnerability just by sending an email to a potential target. This is because the vulnerability is triggered on the email server side, meaning exploitation would occur before a victim views the malicious email. An attacker could exploit this vulnerability to leak a user’s Net-NTLMv2 hash and conduct an NTLM Relay Attack in order to authenticate back as the user. Notably, this vulnerability is credited to the Computer Emergency Response Team of Ukraine (CERT-UA), which could imply that it may have been exploited in the wild against Ukrainian targets. Microsoft research teams were also credited with the discovery of this flaw.
“CVE-2023-24880 is a security feature bypass of the Windows SmartScreen feature built-in to Windows that works with its Mark of the Web (MOTW) functionality to flag files downloaded from the internet. It was both exploited in the wild and publicly disclosed prior to a patch being available. An attacker could create a specially crafted file that exploits this flaw, resulting in the bypass of MOTW security features, such as Microsoft Office Protected View. It was credited to both researchers at Microsoft (Bill Demirkapi) and Google’s Threat Analysis Group (Benoît Sevens and Vlad Stolyarov).” – Satnam Narang, Sr. Staff Research Engineer, Tenable