• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Microsoft Releases Windows Patches, Fixes Actively Exploited Zero-Day Vulnerabilities

Joined
May 30, 2015
Messages
1,942 (0.56/day)
Location
Seattle, WA
Microsoft today unleashed a slew of updates for its March Patch Tuesday to address around 80 security vulnerabilities in the wild. To begin, Windows 10 patches KB5023696 and KB5023697 address system and security issues in Windows 10 versions 22H2, 21H2, 21H1, 1809, and 1607 as well as Windows Server 2016. These are being deployed as non-optional updates and will be automatically installed via Windows Update (unless you run a modified or locked down install). Windows 10 1507 also received a small patch, KB5023713, which similarly addresses security fixes as well as hyperlinks in Excel.

Microsoft today also releases fixes for two critical zero-day vulnerabilities that were being actively exploited as far back as April of 2022. The two exploited vulnerabilities are CVE-2023-23397 and CVE-2023-24880. CVE-2023-23397 is an elevated privilege attack that allows crafting special emails that can force a target's device to connect to remote URLs and transmit the Windows account's Net-NTLMv2 hash. CVE-2023-24880 is a Windows SmartScreen vulnerability that can be exploited to create executables which bypass the Windows Mark of the Web security warning.




Microsoft states the following for CVE-2023-23397:
CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No user interaction is required. The connection to the remote SMB server sends the user's NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication. External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.

CVE-2023-23397 was initially flagged by CERT-UA (Computer Emergency Response Team of Ukraine) and disclosed by CERT-UA, Microsoft Incident, and Microsoft Threat Intelligence. In the disclosure the latter states:
Microsoft Threat Intelligence assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe.

The report also states that the flaw affects all versions of Microsoft Outlook for Windows, however it has no affect on Outlook for Mac, iOS, Android, or Outlook on the web, as online services do not utilize NTLM authentication. Microsoft released a script that allows organizations to check if they have been targeted by the attack.

In regards to CVE-2023-24880 researchers Benoît Sevens and Vlad Stolyarov of the Google Threat Analysis Group as well as Microsoft share:
When you download a file from the internet, Windows adds the zone identifier or Mark of the Web (MOTW) as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check.

The attackers are delivering MSI files signed with an invalid but specially crafted Authenticode signature. The malformed signature causes SmartScreen to return an error that results in bypassing the security warning dialog displayed to users when an untrusted file contains a Mark-of-the-Web (MotW), which indicates a potentially malicious file has been downloaded from the internet. TAG has observed over 100,000 downloads of the malicious MSI files since January 2023, with over 80% to users in Europe - a notable divergence from Magniber's typical targeting, which usually focuses on South Korea and Taiwan.

The full detailed report of disclosed security fixes for March 2023 is available to browse here. It's not exactly light reading.

View at TechPowerUp Main Site | Source
 
Joined
Feb 21, 2006
Messages
2,240 (0.33/day)
Location
Toronto, Ontario
System Name The Expanse
Processor AMD Ryzen 7 5800X3D
Motherboard Asus Prime X570-Pro BIOS 5013 AM4 AGESA V2 PI 1.2.0.Cc.
Cooling Corsair H150i Pro
Memory 32GB GSkill Trident RGB DDR4-3200 14-14-14-34-1T (B-Die)
Video Card(s) XFX Radeon RX 7900 XTX Magnetic Air (24.12.1)
Storage WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 20TB
Display(s) LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz
Case Fractal Design Meshify S2
Audio Device(s) Creative X-Fi + Logitech Z-5500 + HS80 Wireless
Power Supply Corsair AX850 Titanium
Mouse Corsair Dark Core RGB SE
Keyboard Corsair K100
Software Windows 10 Pro x64 22H2
Benchmark Scores 3800X https://valid.x86.fr/1zr4a5 5800X https://valid.x86.fr/2dey9c 5800X3D https://valid.x86.fr/b7d
Do these windows updates right now!
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
27,963 (3.72/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
and a search bar suddenly appeared in my task bar, at least you can turn it off again
 
Joined
Sep 17, 2014
Messages
22,666 (6.05/day)
Location
The Washing Machine
System Name Tiny the White Yeti
Processor 7800X3D
Motherboard MSI MAG Mortar b650m wifi
Cooling CPU: Thermalright Peerless Assassin / Case: Phanteks T30-120 x3
Memory 32GB Corsair Vengeance 30CL6000
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s) Gigabyte G34QWC (3440x1440)
Case Lian Li A3 mATX White
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse Steelseries Aerox 5
Keyboard Lenovo Thinkpad Trackpoint II
VR HMD HD 420 - Green Edition ;)
Software W11 IoT Enterprise LTSC
Benchmark Scores Over 9000
Holy crap, so these fixes actively exploited zero day vulnerabilities.

That's scary AF
 
D

Deleted member 211755

Guest
This is why limiting and/or disabling Windows features is essential,
but having a good firewall set up is maybe even more so important.

I don't even use Microsoft account just because of situations like these
and that's just one of many, many security steps I took to secure my system.

For example, this is an obvious one,
when using a Windows PC,
you have to keep your admin account separated from the one you daily use.

Something which Linux does by default for many, many years now.
 
Joined
Oct 12, 2005
Messages
711 (0.10/day)
If Microsoft was a bit more transparent with Windows upgrade, less people would disable Windows update. But except that, there is no reason to disable them.


Also, it's probably not a coincidence that Windows 11 that enforce TPM is not affected by any of theses vulnerabilities. Those security things aren't just there to annoy you or to spy on you. (Or to prevent you from pirating your games or blue rays)
 
D

Deleted member 211755

Guest
If Microsoft was a bit more transparent with Windows upgrade, less people would disable Windows update. But except that, there is no reason to disable them.


Also, it's probably not a coincidence that Windows 11 that enforce TPM is not affected by any of theses vulnerabilities. Those security things aren't just there to annoy you or to spy on you. (Or to prevent you from pirating your games or blue rays)
Secure boot is more important than TPM. TPM is implemented to secure devices from physical access.
I have it disabled personally.
Windows update is very important as we can see from this article too,
but I also limited its "features" like using other people devices to speed up the download process.
That is strictly DISABLED on my system.

There's a lot of stuff which can be used to hack into a Windows PC.
One drive and Microsoft account are some of those
as is Microsoft Store and its built-in apps.
I have all of that completely removed from my system.
 
Joined
May 19, 2009
Messages
1,868 (0.33/day)
Location
Latvia
System Name Personal \\ Work - HP EliteBook 840 G6
Processor 7700X \\ i7-8565U
Motherboard Asrock X670E PG Lightning
Cooling Noctua DH-15
Memory G.SKILL Trident Z5 RGB Black 32GB 6000MHz CL36 \\ 16GB DDR4-2400
Video Card(s) ASUS RoG Strix 1070 Ti \\ Intel UHD Graphics 620
Storage 2x KC3000 2TB, Samsung 970 EVO 512GB \\ OEM 256GB NVMe SSD
Display(s) BenQ XL2411Z \\ FullHD + 2x HP Z24i external screens via docking station
Case Fractal Design Define Arc Midi R2 with window
Audio Device(s) Realtek ALC1150 with Logitech Z533
Power Supply Corsair AX860i
Mouse Logitech G502
Keyboard Corsair K55 RGB PRO
Software Windows 11 \\ Windows 10
If Microsoft was a bit more transparent with Windows upgrade, less people would disable Windows update. But except that, there is no reason to disable them.


Also, it's probably not a coincidence that Windows 11 that enforce TPM is not affected by any of theses vulnerabilities. Those security things aren't just there to annoy you or to spy on you. (Or to prevent you from pirating your games or blue rays)

Microsoft could be 146% open with that and there still would be loads of people who think they know better and would disable them. Do not kid yourself, please.
Well, it gives me job security so whatever.
 
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
CVE-2023-1017 and CVE-2023-1018, both TPM-related, have been fixed. The most important of them all, CVE-2023-1017, the one that allowed for reading two bytes past the end of a TPM 2.0 command thus crashing the TPM module or even, in the worst situation, permanently corrupting it, has been fixed in this batch of updates.

Do not pass Go, don't collect $200, install this update now!!!
 
Joined
May 19, 2009
Messages
1,868 (0.33/day)
Location
Latvia
System Name Personal \\ Work - HP EliteBook 840 G6
Processor 7700X \\ i7-8565U
Motherboard Asrock X670E PG Lightning
Cooling Noctua DH-15
Memory G.SKILL Trident Z5 RGB Black 32GB 6000MHz CL36 \\ 16GB DDR4-2400
Video Card(s) ASUS RoG Strix 1070 Ti \\ Intel UHD Graphics 620
Storage 2x KC3000 2TB, Samsung 970 EVO 512GB \\ OEM 256GB NVMe SSD
Display(s) BenQ XL2411Z \\ FullHD + 2x HP Z24i external screens via docking station
Case Fractal Design Define Arc Midi R2 with window
Audio Device(s) Realtek ALC1150 with Logitech Z533
Power Supply Corsair AX860i
Mouse Logitech G502
Keyboard Corsair K55 RGB PRO
Software Windows 11 \\ Windows 10
CVE-2023-1017 and CVE-2023-1018, both TPM-related, have been fixed. The most important of them all, CVE-2023-1017, the one that allowed for reading two bytes past the end of a TPM 2.0 command thus crashing the TPM module or even, in the worst situation, permanently corrupting it, has been fixed in this batch of updates.

Do not pass Go, don't collect $200, install this update now!!!
The Outlook one is far more critical, imho, looks like it is stupidly easily to exploit.
 
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
The Outlook one is far more critical, imho, looks like it is stupidly easily to exploit.
Yeah, but at least you can recover from that. Bricked hardware is an entirely different can of worms.
 
Joined
Feb 20, 2020
Messages
9,340 (5.29/day)
Location
Louisiana
System Name Ghetto Rigs z490|x99|Acer 17 Nitro 7840hs/ 5600c40-2x16/ 4060/ 1tb acer stock m.2/ 4tb sn850x
Processor 10900k w/Optimus Foundation | 5930k w/Black Noctua D15
Motherboard z490 Maximus XII Apex | x99 Sabertooth
Cooling oCool D5 res-combo/280 GTX/ Optimus Foundation/ gpu water block | Blk D15
Memory Trident-Z Royal 4000c16 2x16gb | Trident-Z 3200c14 4x8gb
Video Card(s) Titan Xp-water | evga 980ti gaming-w/ air
Storage 970evo+500gb & sn850x 4tb | 860 pro 256gb | Acer m.2 1tb/ sn850x 4tb| Many2.5" sata's ssd 3.5hdd's
Display(s) 1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
Case D450 | Cherry Entertainment center on Test bench
Audio Device(s) Built in Realtek x2 with 2-Insignia 2.0 sound bars & 1-LG sound bar
Power Supply EVGA 1000P2 with APC AX1500 | 850P2 with CyberPower-GX1325U
Mouse Redragon 901 Perdition x3
Keyboard G710+x3
Software Win-7 pro x3 and win-10 & 11pro x3
Benchmark Scores Are in the benchmark section
The Outlook one is far more critical, imho, looks like it is stupidly easily to exploit.
Hi,
Yeah click to run lol

If Microsoft was a bit more transparent with Windows upgrade, less people would disable Windows update. But except that, there is no reason to disable them.


Also, it's probably not a coincidence that Windows 11 that enforce TPM is not affected by any of theses vulnerabilities. Those security things aren't just there to annoy you or to spy on you. (Or to prevent you from pirating your games or blue rays)
This is added to a so called "security update" lol this kind of bloat is why a lot of people, me included wait until the dust settles before installing updates
Yeah these all lock really important but reality is they are just more holes opened :laugh:
Other improvements or additional features
Introducing Phone Link for iOS in preview
Android® phone users get an even richer experience
Broadcast your best self, right when you need to with advanced AI
Connect in more ways with a simple click
Providing help is easier than ever with the redesigned Quick Assist app
More of the news and information you care about is just a swipe away
Enhancing your touch experience
Screen recording in Snipping Tool
Tabs make navigating Notepad easier than ever
New accessibility features include Braille display support and enhanced voice access in key apps
New energy recommendations make it easier for you to control your environmental impact
Harness the power of AI to find the files you need recommended in your Start menu
Access your Cloud PC with the new Windows 365 app

Think W1zzard said he got an all important search box back on his taskbar lol

and a search bar suddenly appeared in my task bar, at least you can turn it off again
Probably one day we won't.
 
Last edited:
Joined
Dec 26, 2006
Messages
3,862 (0.59/day)
Location
Northern Ontario Canada
Processor Ryzen 5700x
Motherboard Gigabyte X570S Aero G R1.1 BiosF5g
Cooling Noctua NH-C12P SE14 w/ NF-A15 HS-PWM Fan 1500rpm
Memory Micron DDR4-3200 2x32GB D.S. D.R. (CT2K32G4DFD832A)
Video Card(s) AMD RX 6800 - Asus Tuf
Storage Kingston KC3000 1TB & 2TB & 4TB Corsair MP600 Pro LPX
Display(s) LG 27UL550-W (27" 4k)
Case Be Quiet Pure Base 600 (no window)
Audio Device(s) Realtek ALC1220-VB
Power Supply SuperFlower Leadex V Gold Pro 850W ATX Ver2.52
Mouse Mionix Naos Pro
Keyboard Corsair Strafe with browns
Software W10 22H2 Pro x64
upgrade to windows 12 instead!!!
 
Joined
Sep 17, 2014
Messages
22,666 (6.05/day)
Location
The Washing Machine
System Name Tiny the White Yeti
Processor 7800X3D
Motherboard MSI MAG Mortar b650m wifi
Cooling CPU: Thermalright Peerless Assassin / Case: Phanteks T30-120 x3
Memory 32GB Corsair Vengeance 30CL6000
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Lexar NM790 4TB + Samsung 850 EVO 1TB + Samsung 980 1TB + Crucial BX100 250GB
Display(s) Gigabyte G34QWC (3440x1440)
Case Lian Li A3 mATX White
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse Steelseries Aerox 5
Keyboard Lenovo Thinkpad Trackpoint II
VR HMD HD 420 - Green Edition ;)
Software W11 IoT Enterprise LTSC
Benchmark Scores Over 9000
I'm rolling back to 95. Ignorance is bliss
 
Top