
March 14, 2023

Patch Tuesday Update - March 2023

Don’t rely on the luck of the Irish when it comes to protecting your cybersecurity environment. Pay attention to this month’s Microsoft Patch Tuesday announcement. This month, Microsoft announced patches for 80 new vulnerabilities, including 9 that Microsoft has rated critical and 2 zero-days (CVE-2023-23397, CVE-2023-24880). This release also included updates to 4 previously released CVEs and one Advisory.

Of the 80 new vulnerabilities, 67 have Knowledgebase (KB) fixes, 9 have release notes associated with them and 4 have updates required from the Microsoft Appstore.

The headline issues this month are once again the known exploitable zero-day CVEs:

  • CVE-2023-23397 – Microsoft Outlook Elevation of Privilege Vulnerability
  • CVE-2023-24880 – Windows SmartScreen Security Feature Bypass Vulnerability

Breaking down the 80 vulnerabilities further, we can see that remote code execution and elevation of privileges lead the way again this month in terms of impact type.

Figure: Breakdown of CVEs by impact type

Furthermore, as can be seen below, these vulnerabilities vary in terms of how likely they are to be exploited, with 10% of the vulnerabilities this month either already exploited or highly likely to be exploited.

Figure: Breakdown of CVEs by exploit likelihood

As always, Balbix can identify all affected assets within 1 hour of release. There are no scans to run. Balbix customers simply search for the CVE name in their Balbix dashboard to view the list of affected assets. Filtered search functionality can also be used to search for the CVE by site, subnet, location, or other distinguishing factors.