Subscribe

Microsoft issues fixes for March’s Patch Tuesday 

March 16, 2023

Microsoft has released its March Patch Tuesday, which includes new fixes for 74 bugs, two of which are already actively exploited, and nine of which are rated critical.

The bugs in each vulnerability category are as follows: 21 Elevation of Privilege Vulnerabilities, 2 Security Feature Bypass Vulnerabilities, and 2 Remote Code Execution Vulnerabilities. There are 27 remote code execution vulnerabilities. 15 Vulnerabilities in Information Disclosure, 4 Vulnerabilities in Denial of Service, 10 Vulnerabilities in Spoofing, and 1 Vulnerability in Edge – Chromium

CVE-2023-23397, a security flaw discovered in Microsoft Outlook, affects all versions of the software from 2013 to the most recent version. According to Microsoft, the vulnerability has been exploited by attackers, who can exploit it without requiring any user interaction. This can be accomplished by sending a specially crafted email that activates automatically when it is retrieved by the email server, even before the email is opened in the Preview Pane.

“External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers’ control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.,” reads Microsoft’s advisory.

Another vulnerability that was patched is one currently being targeted by attackers is a security feature bypass in Windows SmartScreen (CVE-2023-24880, CVSS score: 5.1). This flaw involves a vulnerability that could be used to bypass Mark-of-the-Web (MotW) protections when opening files downloaded from the internet that are considered untrustworthy. This vulnerability is the result of a recent patch issued by Microsoft to address another SmartScreen bypass vulnerability (CVE-2022-44698, CVSS score: 5.4) that was discovered last year and exploited by attackers to deliver Magniber ransomware for financial gain.

“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,” reads Microsoft’s advisory.

The sources for this piece include an article in TheRegister.

Top Stories

Oracle begins mass layoffs to fund $156 billion AI infrastructure push

OpenAI brings in Smartly to shape how ads work inside ChatGPT

Quantum breakthrough researchers cut required qubits from millions to thousands

Anthropic coding tool exposes full source code again after packaging error

Cisco breach exposes 300+ repos after supply chain attack

OpenAI cuts Sora with $1M-a-day costs to free up resources for core AI models

Related Articles

Anthropic coding tool exposes full source code again after packaging error

April 1, 2026 Anthropic has inadvertently exposed the full source code of its Claude Code tool for the second time more...

Cisco breach exposes 300+ repos after supply chain attack

April 1, 2026 Cisco suffered a cyberattack after attackers used stolen credentials from a compromised developer tool to access its more...

New Google update targets sensitive data exposure in search results

March 30, 2026 Google has expanded its “Results about you” tool, allowing users to remove highly sensitive personal data, including more...

GitHub Copilot to train on user data by default 

March 27, 2026 Microsoft is updating GitHub Copilot to train on real-world developer interactions, expanding beyond public code datasets to more...

Picture of TND Newsdesk

TND Newsdesk

Picture of TND Newsdesk

TND Newsdesk

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.