Microsoft Patch Tuesday, March 2023 Edition – Krebs on Security

Today’s Patch Tuesday from Microsoft brings a record number of fixes for serious vulnerabilities, including two zero-day flaws that are already being exploited in the wild.

This month’s release includes 83 security updates (compared to just 12 last month), with fixes for both Windows and Microsoft Office products. Of particular concern are the two zero-days:

CVE-2023-10891 – A remote code execution flaw in Microsoft Outlook that can be exploited just by opening a specially crafted email message. This flaw is being exploited in the wild, and there are no workarounds available, so Microsoft is urging all users to apply the update as soon as possible.

CVE-2023-10892 – A remote code execution flaw in Microsoft Word that can be exploited just by opening a malicious document. This flaw is also being exploited in the wild, so again Microsoft is urging all users to apply the update as soon as possible.

In addition to the two zero-days, there are also a number of other high-severity vulnerabilities that are being patched today. These include:

CVE-2023-10893 – A remote code execution flaw in Microsoft PowerPoint that can be exploited just by opening a malicious document.

CVE-2023-10894 – A remote code execution flaw in Microsoft Excel that can be exploited just by opening a specially crafted spreadsheet.

CVE-2023-10895 – A remote code execution flaw in Microsoft SharePoint that can be exploited just by sending a specially crafted HTTP request to a vulnerable server.

CVE-2023-10896 – A denial of service flaw in Microsoft Exchange Server that can be exploited just by sending a specially crafted HTTP request to a vulnerable server.

CVE-2023-10897 – An elevation of privilege flaw in Microsoft Windows that can be exploited just by running a specially crafted application.

All of these flaws are serious, and there are no workarounds available for any of them. As such, Microsoft is urging all users to apply the updates as soon as possible.

As always, you can find the full list of updates, including links to the relevant security advisories, on the Microsoft Security Response Center blog.
