March 2023 Patch Tuesday: Two actively exploited zero days disclosed
Microsoft has released 80 security patches for its March 2023 Patch Tuesday rollout. The patches address 9 Critical, 70 Important, and 1 Moderate vulnerabilities.
Additionally, there are two actively exploited zero-day vulnerabilities: a Critical elevation of privilege within Microsoft Outlook (CVE-2023-23397) and a Moderate security feature bypass within Windows SmartScreen (CVE-2023-24880).
In the case of CVE-2023-23397, a specially crafted email could allow an external attacker to obtain the victim's Net-NTLMv2 hash, which could then be used to authenticate as the victim on another service.
Microsoft says that this Outlook vulnerability was exploited by STRONTIUM, a state-sponsored Russian hacking group.
In the case of CVE-2023-24880, an attacker can create a malicious file that could bypass Mark of the Web (MOTW) defenses, resulting in a limited loss of availability of security features that rely on MOTW tagging, such as Protected View in Microsoft Office. Windows SmartScreen checks whether a downloaded file has a zone identifier Alternate Data Stream (ADS) attached to it, and if the ADS indicates ZoneId=3 (meaning that the file was downloaded from the internet), SmartScreen performs a reputation check.
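The Zone.Identifier check described above can be mirrored on the defender's side to audit which files in a folder actually carry MOTW. The following Python is an added example, not code from Microsoft or from the original article; the function names, status labels and sample stream contents are constructed for illustration.

```python
import configparser
import os
import sys

# URL security zone ids as stored in the Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample of a stream written for a browser download.
SAMPLE_INTERNET = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                   "ReferrerUrl=https://example.test/page?x=1\r\n"
                   "HostUrl=https://example.test/file.docx\r\n")

def parse_zone_identifier(text):
    """Return ZoneId from stream content, or None if absent or malformed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        return int(parser["ZoneTransfer"]["ZoneId"].strip())
    except (configparser.Error, KeyError, ValueError):
        return None

def classify(text):
    """text is the stream content, or None when the file has no stream."""
    if text is None:
        return "no-motw"            # MOTW-dependent features will not engage
    zone = parse_zone_identifier(text)
    if zone is None:
        return "malformed-motw"     # stream present but unusable
    if zone == 3:
        return "internet-reputation-check"
    return "zone:" + ZONES.get(zone, "unknown")

def read_stream(path):
    """Read the ADS on NTFS; None if the stream (or ADS support) is missing."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def audit(directory):
    """Map every file under directory to its MOTW status."""
    return {os.path.join(root, name): classify(read_stream(os.path.join(root, name)))
            for root, _dirs, files in os.walk(directory) for name in files}

if __name__ == "__main__" and len(sys.argv) > 1:
    for path, status in sorted(audit(sys.argv[1]).items()):
        print(status, path, sep="\t")
```

Run against a downloads folder on Windows, files reported as `no-motw` or `malformed-motw` are the ones that would not receive the ZoneId=3 handling described above.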