Patch Tuesday Webinar
Wednesday, March 15, 2023
Hosted by Chris Goettl and Todd Schell
Agenda
March 2023 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
Overview
Copyright © 2023 Ivanti. All rights reserved.
March Patch Tuesday 2023
Microsoft has resolved 80 new CVEs this month, including two confirmed zero-day exploits that impact
Microsoft Office and Windows SmartScreen. Both exploits are user-targeted. Mozilla has also released updates
for Firefox and Firefox ESR resolving 13 unique CVEs. Priorities for this month are Microsoft Office and 365 Apps,
and the Windows OS.
In the News
In the News
§ Silicon Valley Bank collapse poses challenge for cybersecurity defenders, firms
§ https://www.washingtonpost.com/politics/2023/03/15/silicon-valley-bank-collapse-poses-challenge-cybersecurity-defenders-firms/
§ More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm
§ https://www.infosecurity-magazine.com/news/uk-crypto-firm-loses-200m/
§ https://cointelegraph.com/news/more-than-280-blockchains-at-risk-of-zero-day-exploits-warns-security-firm
§ ChatGPT Powered Polymorphic Malware Bypasses Endpoint Detection Filters
§ https://cybersecuritynews.com/chatgpt-powered-polymorphic-malware/
§ Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day
§ https://www.securityweek.com/adobe-warns-of-very-limited-attacks-exploiting-coldfusion-zero-day/
§ Fortinet: New FortiOS bug used as zero-day to attack govt networks
§ https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-bug-used-as-zero-day-to-attack-govt-networks/
In the News
§ Windows 11 Moment 2 Features Update
§ https://blogs.windows.com/windowsexperience/2023/02/28/introducing-a-big-update-to-windows-11-making-the-everyday-easier-including-bringing-the-new-ai-powered-bing-to-the-taskbar/
§ New Search Box and AI-Powered Bing
§ Phone Link for iOS
§ Enhanced touch screen experience
§ Major upgrades to Notepad
§ No reported security changes
§ Included in the March cumulative update
§ How to block Moment features: https://oofhours.com/2023/03/02/want-to-block-windows-11-moments-that-add-new-features/
Known Exploited and Publicly Disclosed Vulnerability
§ CVE-2023-24880 Windows SmartScreen Security Feature Bypass Vulnerability
§ CVSS 3.1 Scores: 5.4 / 5.0
§ Severity: Moderate
§ Windows 10, Windows 11, and Server 2016, Server 2019, Server 2022
§ Per Microsoft - “An attacker can craft a malicious file that would evade Mark of the Web
(MOTW) defenses, resulting in a limited loss of integrity and availability of security features
such as Protected View in Microsoft Office, which rely on MOTW tagging.”
Known Exploited Vulnerability
§ CVE-2023-23397 Windows Outlook Elevation of Privilege Vulnerability
§ CVSS 3.1 Scores: 9.8 / 9.1
§ Severity: Critical
§ Outlook 2013 & 2016, Office 2016, 2019 & LTSC 2022, Office 365 Apps
§ Per Microsoft - “An attacker who successfully exploited this vulnerability could access a
user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against
another service to authenticate as the user.”
Known Publicly Disclosed Vulnerability
§ CVE-2022-43552 Open-Source Curl Remote Code Execution Vulnerability
§ CVSS 3.1 Scores: 5.9 / 5.9
§ Severity: Important
§ Windows 10, Windows 11, and Server 2016, Server 2019, Server 2022
§ Per NIST - “A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel*
virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do)
deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or
TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer
shutdown code path.”
Reissued Microsoft Exchange Update
§ Description of the security update for Microsoft Exchange Server 2019, 2016,
and 2013: March 14, 2023 (KB 5024296)
§ CVE-2023-21707 Microsoft Exchange Server Remote Code Execution Vulnerability
§ Per Microsoft - “We are re-releasing this CVE to inform customers that there are new
updates to install for this vulnerability. A small subset of customers were experiencing
problems with Exchange Web Services due to the updates that were released in February.
The new updates address these problems. Customers who are experiencing issues with the
February updates are encouraged to install the March Exchange Server updates listed in the
Security Updates table.”
Microsoft Patch Tuesday Updates of Interest
§ Advisory 990001 Latest Servicing Stack Updates (SSU)
§ https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
§ Windows Server 2012/2012 R2, Windows 10, and Windows 10 Version 1607/Server 2016
§ Azure and Development Tool Updates
§ Azure HDInsights
§ Azure Service Fabric 9.1
§ Visual Studio 2017 (multiple)
§ Visual Studio 2019 (multiple)
§ Visual Studio 2022 (multiple)
Source: Microsoft
Server 2012/2012 R2 EOL is Coming
§ Lifecycle Fact Sheet
§ https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version   Release Date   End of Support Date
22H2      10/18/2022     5/13/2025
21H2      11/16/2021     6/11/2024
20H2      10/20/2020     5/9/2023

Windows 10 Home and Pro
Version   Release Date   End of Support Date
22H2      10/18/2022     5/14/2024
21H2      11/16/2021     6/13/2023

Windows Server
Version   Release Date   End of Support Date
2019      11/13/2019     1/9/2024
2022      8/18/2021      10/13/2026

Windows 11 Home and Pro
Version   Release Date   End of Support Date
22H2      9/20/2022      10/8/2024
21H2      10/4/2021      10/10/2023

§ Lifecycle Fact Sheet
§ https://docs.microsoft.com/en-us/lifecycle/faq/windows
Patch Content Announcements
§ Announcements Posted on Community Forum Pages
§ https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
§ Subscribe to receive email for the desired product(s)
Bulletins and Releases
MFSA-2023-09: Security Update Firefox 111
§ Maximum Severity: Critical (High)
§ Affected Products: Security Update Firefox
§ Description: This update from Mozilla addresses security vulnerabilities in the Firefox
browser on multiple platforms.
§ Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege
and Information Disclosure
§ Fixes 13 Vulnerabilities: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/ for complete details.
§ Restart Required: Requires application restart
§ Known Issues: None
MFSA-2023-10: Security Update Firefox ESR 102.9
§ Maximum Severity: Critical (High)
§ Affected Products: Security Update Firefox ESR
§ Description: This update from Mozilla addresses security vulnerabilities in the Firefox
ESR browser on multiple platforms.
§ Impact: Remote Code Execution, Denial of Service, Spoofing and Information
Disclosure
§ Fixes 6 Vulnerabilities: See the Mozilla Security Advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/ for complete details.
§ Restart Required: Requires application restart
§ Known Issues: None
MS23-03-W11: Windows 11 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge
Chromium
§ Description: This bulletin references KB 5023698 (21H2) and KB 5023706 (22H2).
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, Information Disclosure
§ Fixes 53 Vulnerabilities: CVE-2023-24880 is known exploited and publicly
disclosed. CVE-2022-43552 is publicly disclosed. See the Security Update Guide for
the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
March Known Issues for Windows 11
§ KB 5023706 – Windows 11 version 22H2
§ [Provision] Using provisioning packages on Windows 11, version 22H2 (also called
Windows 11 2022 Update) might not work as expected. Windows might only be
partially configured, and the Out Of Box Experience might not finish or might restart
unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working
on a resolution.
§ [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than
expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools
that do not use cache manager (buffered I/O). See KB for multiple mitigations.
Microsoft is working on a resolution.
§ [Missing UUP] Updates released February 14, 2023 or later might download to WSUS
but not propagate further to client devices. Affected WSUS servers are only those
running Windows Server 2022 which have been upgraded and are missing the Unified
Update Platform (UUP) MIME types. Microsoft Configuration Manager is not affected
by this issue. Workaround: See KB on how to add the UUP file types to the WSUS
systems. Microsoft is working on a resolution.
March Known Issues for Windows 11 (cont)
§ KB 5023706 – Windows 11 version 22H2 (cont)
§ [App Fail] Windows devices with some third-party UI customization apps might not
start up. These third-party apps might cause errors with explorer.exe that might repeat
multiple times in a loop. The known affected third-party UI customization apps are
ExplorerPatcher and StartAllBack. Workaround: Uninstall any third-party UI
customization app before installing this or later updates. Microsoft is investigating and
will provide more info in the future.
MS23-03-W10: Windows 10 Update
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
§ Description: This bulletin references 6 KB articles. See KBs for the list of changes.
§ Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, Information Disclosure
§ Fixes 54 Vulnerabilities: CVE-2023-24880 is known exploited and publicly
disclosed. CVE-2022-43552 is publicly disclosed. See the Security Update Guide for
the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
March Known Issues for Windows 10
§ KB 5023702 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
§ [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
March Known Issues for Windows 10 (cont)
§ KB 5023705 – Windows Server 2022
§ [Missing UUP]
§ [ESXi Fail] After installing this update on guest virtual machines (VMs) running
Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022
might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are
affected by this issue. Affected versions of VMware ESXi are versions vSphere
ESXi 7.0.x and below.
MS23-03-MR8: Monthly Rollup for Server 2012
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows Server 2012 and IE
§ Description: This cumulative security update contains improvements that are part of update
KB 5022903 (released February 14, 2023). This update implements the final phase of DCOM
hardening as described in KB 5004442. This phase removes the ability to disable changes
through the registry. Bulletin is based on KB 5023756.
§ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
§ Fixes 44 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See
the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: See next slide
March Known Issues for Server 2012
§ KB 5023756 – Windows Server 2012 (Monthly Rollup)
§ [Domain Join] After this update or a later Windows update is installed, domain join
operations might be unsuccessful and error "0xaac (2732):
NERR_AccountReuseBlockedByPolicy" occurs. Additionally, text stating "An
account with the same name exists in Active Directory. Re-using the account was
blocked by security policy" might be displayed. Workaround: Microsoft has added
guidance to KB 5020276 and recommends upgrading to a later version of
Windows as this nears EOS.
§ KB 5023752 – Windows Server 2012 (Security-only Update)
§ [Domain Join]
MS23-03-SO8: Security-only Update for Windows Server 2012
§ Maximum Severity: Critical
§ Affected Products: Microsoft Windows Server 2012
§ Description: This update implements the final phase of DCOM hardening as
described in KB 5004442. This phase removes the ability to disable changes through
the registry. Bulletin is based on KB 5023752.
§ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege,
Information Disclosure
§ Fixes 44 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: [Domain Join]
MS23-03-MR81: Monthly Rollup for Server 2012 R2
§ Maximum Severity: Critical
§ Affected Products: Server 2012 R2 and IE
§ Description: This cumulative security update contains improvements that are part of update
KB 5022899 (released February 14, 2023). This update implements the final phase of DCOM
hardening as described in KB 5004442. This phase removes the ability to disable changes
through the registry. Bulletin is based on KB 5023765.
§ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
§ Fixes 45 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See
the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-03-SO81: Security-only for Server 2012 R2
§ Maximum Severity: Critical
§ Affected Products: Server 2012 R2
§ Description: This update implements the final phase of DCOM hardening as described in
KB 5004442. This phase removes the ability to disable changes through the registry.
Bulletin is based on KB 5023764.
§ Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information
Disclosure
§ Fixes 45 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited.
See the Security Update Guide for the complete list of CVEs.
§ Restart Required: Requires restart
§ Known Issues: None reported
NOTE: Windows 8.1 reached EOS on January 10, 2023.
MS23-03-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Maximum Severity: Critical
§ Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
§ Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
§ Impact: Remote Code Execution, Spoofing, Elevation of Privilege
§ Fixes 3 Vulnerabilities: CVE-2023-23397, CVE-2023-23398, and CVE-2023-23399.
CVE-2023-23397 is known exploited.
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS23-03-OFF: Security Updates for Microsoft Office
§ Maximum Severity: Critical
§ Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 & Office
LTSC 2021 for Mac, Office for Android and Universal, Office Online Server and Office
Web Apps Server
§ Description: This security update resolves multiple security issues in Microsoft
Excel, Outlook, and the Office suite. This bulletin references 8 KB articles, and release
notes for the Mac and Android updates.
§ Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege
§ Fixes 6 Vulnerabilities: CVE-2023-23391, CVE-2023-23396, CVE-2023-23397,
CVE-2023-23398, CVE-2023-23399, and CVE-2023-24910. CVE-2023-23397 is
known exploited.
§ Restart Required: Requires application restart
§ Known Issues: None reported
MS23-03-SPT: Security Updates for SharePoint Server
§ Maximum Severity: Important
§ Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft
SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
§ Description: This update corrects an issue where an attacker is only able to modify
the content of the vulnerable link to redirect the victim to a malicious site. This bulletin
is based on 6 KB articles.
§ Impact: Spoofing
§ Fixes 1 Vulnerability: CVE-2023-23395 is not publicly disclosed or known
exploited.
§ Restart Required: Requires restart
§ Known Issues: None reported
Between Patch Tuesdays
Windows Release Summary
§ Security Updates (with CVEs): Google Chrome (2), Node.JS (Current) (1), Node.JS (LTS Lower)
(1), Node.JS (LTS Upper) (1), Node.JS (Maintain) (1)
§ Security (w/o CVEs): Apache OpenOffice (1), Apache Tomcat (5), Docker for Windows (1), Dropbox
(2), Evernote (1), Firefox (1), FileZilla Client (2), Foxit PDF Editor (1), Foxit PDF Reader (1), Foxit PDF
Reader Enterprise (1), GoodSync (2), Jabra Direct (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current)
(1), Node.JS (LTS Upper) (2), Notepad++ (1), Opera (3), Paint.net (1), Plex Media Server (2), PeaZip (1),
Royal TS (1), Snagit (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (4), Tableau Prep Builder
(1), Tableau Reader (1), TeamViewer (2), UltraVNC (1), Wireshark (2), WinRAR (1), Zoom Client (2), Zoom
Outlook Plugin (1), Zoom Rooms Client (1)
§ Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (1), Beyond Compare (1),
Camtasia (1), Cisco WebEx Teams (1), Google Drive File Stream (1), BlueJeans (1), NextCloud Desktop
Client (1), PDF-Xchange PRO (1), PSPad (1), TightVNC (1)
Windows Third Party CVE Information
§ Google Chrome 110.0.5481.178
§ CHROME-230222, QGC11005481178
§ Fixes 8 Vulnerabilities: CVE-2023-0927, CVE-2023-0928, CVE-2023-0929,
CVE-2023-0930, CVE-2023-0931, CVE-2023-0932, CVE-2023-0933, CVE-2023-0941
§ Google Chrome 111.0.5563.65
§ CHROME-230307, QGC1110556365
§ Fixes 24 Vulnerabilities: CVE-2023-1213, CVE-2023-1214, CVE-2023-1215,
CVE-2023-1216, CVE-2023-1217, CVE-2023-1218, CVE-2023-1219, CVE-2023-1220,
CVE-2023-1221, CVE-2023-1222, CVE-2023-1223, CVE-2023-1224, CVE-2023-1225,
CVE-2023-1226, CVE-2023-1227, CVE-2023-1228, CVE-2023-1229, CVE-2023-1230,
CVE-2023-1231, CVE-2023-1232, CVE-2023-1233, CVE-2023-1234, CVE-2023-1235,
CVE-2023-1236
Windows Third Party CVE Information (cont)
§ Node.JS 19.6.1 (Current)
§ NOJSC-230221, QNODEJSC1961
§ Fixes 3 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920
§ Node.JS 16.19.1 (LTS Lower)
§ NOJSLL-230221, QNODEJSLL16191
§ Fixes 5 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920,
CVE-2023-23936, CVE-2023-24807
§ Node.JS 18.14.1 (LTS Upper)
§ NOJSLU-230221, QNODEJSLU18141
§ Fixes 5 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920,
CVE-2023-23936, CVE-2023-24807
§ Node.JS 14.21.3 (Maintain)
§ NOJSM-230221, QNODEJSM14213
§ Fixes 2 Vulnerabilities: CVE-2023-23918, CVE-2023-23920
Apple Release Summary
§ Non-Security Updates: aText (2), BBEdit (1), Dropbox (2), Firefox (1), LibreOffice (1), Microsoft Edge
(3), Skype (1), Spotify (1), Visual Studio Code (2), Zoom Client for Mac (2)
Q & A
Thank You!

2023 March Patch Tuesday

  • 1.
    Patch Tuesday Webinar Wednesday,March 15, 2023 Hosted by Chris Goettl and Todd Schell
  • 2.
    Agenda March 2023 PatchTuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  • 3.
  • 4.
    Copyright © 2023Ivanti. All rights reserved. March Patch Tuesday 2023 Microsoft has resolved 80 new CVEs this month including two confirmed zero-day exploits that impact Microsoft Office and Windows Smart Screen. Both exploits are user targeted. Mozilla has also released updates for Firefox and Firefox ESR resolving 13 unique CVEs. Priorities for this month are Microsoft Office and 365 Apps, and the Windows OS.
  • 5.
  • 6.
    Copyright © 2023Ivanti. All rights reserved. In the News § Silicon Valley Bank collapse poses challenge for cybersecurity defenders, firms § https://www.washingtonpost.com/politics/2023/03/15/silicon-valley-bank-collapse-poses-challenge-cybersecurity-defenders-firms/ § More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm § https://www.infosecurity-magazine.com/news/uk-crypto-firm-loses-200m/ § https://cointelegraph.com/news/more-than-280-blockchains-at-risk-of-zero-day-exploits-warns-security-firm § ChatGPT Powered Polymorphic Malware Bypasses Endpoint Detection Filters § https://cybersecuritynews.com/chatgpt-powered-polymorphic-malware/ § Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day § https://www.securityweek.com/adobe-warns-of-very-limited-attacks-exploiting-coldfusion-zero-day/ § Fortinet: New FortiOS bug used as zero-day to attack govt networks § https://www.bleepingcomputer.com/news/security/fortinet-new-fortios-bug-used-as-zero-day-to-attack-govt-networks/
  • 7.
    Copyright © 2023Ivanti. All rights reserved. In the News § Windows 11 Moment 2 Features Update § https://blogs.windows.com/windowsexperience/2023/02/28/introducing-a-big- update-to-windows-11-making-the-everyday-easier-including-bringing-the-new-ai- powered-bing-to-the-taskbar/ § New Search Box and AI-Powered Bing § Phone Link for iOS § Enhanced touch screen experience § Major upgrades to Notepad § No reported security changes § Included in the March cumulative update § How to block Moment features: https://oofhours.com/2023/03/02/want-to-block- windows-11-moments-that-add-new-features/
  • 8.
    Copyright © 2023Ivanti. All rights reserved. Known Exploited and Publicly Disclosed Vulnerability § CVE-2023-24880 Windows SmartScreen Security Feature Bypass Vulnerability § CVSS 3.1 Scores: 5.4 / 5.0 § Severity: Moderate § Windows 10, Windows 11, and Server 2016, Server 2019, Server 2022 § Per Microsoft - “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”
  • 9.
    Copyright © 2023Ivanti. All rights reserved. Known Exploited Vulnerability § CVE-2023-23397 Windows Outlook Elevation of Privilege Vulnerability § CVSS 3.1 Scores: 9.8 / 9.1 § Severity: Critical § Outlook 2013 & 2016, Office 2016, 2019 & LTSC 2022, Office 365 Apps § Per Microsoft - “An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.”
  • 10.
    Copyright © 2023Ivanti. All rights reserved. Known Publicly Disclosed Vulnerability § CVE-2022-43552 Open-Source Curl Remote Code Execution Vulnerability § CVSS 3.1 Scores: 5.9 / 5.9 § Severity: Important § Windows 10, Windows 11, and Server 2016, Server 2019, Server 2022 § Per NIST - “A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.”
  • 11.
    Copyright © 2023Ivanti. All rights reserved. Reissued Microsoft Exchange Update § Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 14, 2023 (KB 5024296) § CVE-2023-21707 Microsoft Exchange Server Remote Code Execution Vulnerability § Per Microsoft - “We are re-releasing this CVE to inform customers that there are new updates to install for this vulnerability. A small subset of customers were experiencing problems with Exchange Web Services due to the updates that were released in February. The new updates address these problems. Customers who are experiencing issues with the February updates are encouraged to install the March Exchange Server updates listed in the Security Updates table.”
  • 12.
    Copyright © 2023Ivanti. All rights reserved. Microsoft Patch Tuesday Updates of Interest § Advisory 990001 Latest Servicing Stack Updates (SSU) § https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001 § Windows Server 2012/2012 R2, Windows 10, and Windows 10 Version 1607/Server 2016 § Azure and Development Tool Updates § Azure HDInsights § Azure Service Fabric 9.1 § Visual Studio 2017 (multiple) § Visual Studio 2019 (multiple) § Visual Studio 2022 (multiple) Source: Microsoft
  • 13.
    Copyright © 2023Ivanti. All rights reserved. Server 2012/2012 R2 EOL is Coming § Lifecycle Fact Sheet § https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2 Source: Microsoft
  • 14.
    Copyright © 2023Ivanti. All rights reserved. Windows 10 and 11 Lifecycle Awareness Windows 10 Enterprise and Education Version Release Date End of Support Date 22H2 10/18/2022 5/13/2025 21H2 11/16/2021 6/11/2024 20H2 10/20/2020 5/9/2023 Windows 10 Home and Pro Version Release Date End of Support Date 22H2 10/18/2022 5/14/2024 21H2 11/16/2021 6/13/2023 Windows Server Version Release Date End of Support Date 2019 11/13/2019 1/9/2024 2022 8/18/2021 10/13/2026 Windows 11 Home and Pro Version Release Date End of Support Date 22H2 9/20/2022 10/8/2024 21H2 10/4/2021 10/10/2023 § Lifecycle Fact Sheet § https://docs.microsoft.com/en-us/lifecycle/faq/windows
  • 15.
    Copyright © 2023Ivanti. All rights reserved. Patch Content Announcements § Announcements Posted on Community Forum Pages § https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2 § Subscribe to receive email for the desired product(s)
  • 16.
  • 17.
    Copyright © 2023Ivanti. All rights reserved. MFSA-2023-09: Security Update Firefox 111 § Maximum Severity: Critical (High) § Affected Products: Security Update Firefox § Description: This update from Mozilla addresses security vulnerabilities in the Firefox browser on multiple platforms. § Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege and Information Disclosure § Fixes 13 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/ for complete details. § Restart Required: Requires application restart § Known Issues: None
  • 18.
    Copyright © 2023Ivanti. All rights reserved. MFSA-2023-10: Security Update Firefox ESR 102.9 § Maximum Severity: Critical (High) § Affected Products: Security Update Firefox ESR § Description: This update from Mozilla addresses security vulnerabilities in the Firefox ESR browser on multiple platforms. § Impact: Remote Code Execution, Denial of Service, Spoofing and Information Disclosure § Fixes 6 Vulnerabilities: See the Mozilla Security Advisory https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/ for complete details. § Restart Required: Requires application restart § Known Issues: None
  • 19.
    Copyright © 2023Ivanti. All rights reserved. MS23-03-W11: Windows 11 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium § Description: This bulletin references KB 5023698 (21H2) and KB 5023706 (22H2). § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 53 Vulnerabilities: CVE-2023-24880 is known exploited and publicly disclosed. CVE-2022-43552 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide
  • 20.
    Copyright © 2023Ivanti. All rights reserved. March Known Issues for Windows 11 § KB 5023706 – Windows 11 version 22H2 § [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution. § [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools that do not use cache manager (buffered I/O). See KB for multiple mitigations. Microsoft is working on a resolution. § [Missing UUP] Updates released February 14, 2023 or later might download to WSUS but not propagate further to client devices. Affected WSUS servers are only those running Windows Server 2022 which have been upgraded and are missing the Unified Update Platform (UUP) MIME types Microsoft Configuration Manager is not affected by this issue. Workaround: See KB on how to add the UUP file types to the WSUS systems. Microsoft is working on a resolution.
  • 21.
    Copyright © 2023Ivanti. All rights reserved. March Known Issues for Windows 11 (cont) § KB 5023706 – Windows 11 version 22H2 (cont) § [App Fail] Windows devices with some third-party UI customization apps might not start up. These third-party apps might cause errors with explorer.exe that might repeat multiple times in a loop. The known affected third-party UI customization apps are ExplorerPatcher and StartAllBack. Workaround: Uninstall any third-party UI customization app before installing this or later updates. Microsoft is investigating and will provide more info in the future.
  • 22.
    Copyright © 2023Ivanti. All rights reserved. MS23-03-W10: Windows 10 Update § Maximum Severity: Critical § Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium § Description: This bulletin references 6 KB articles. See KBs for the list of changes. § Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Elevation of Privilege, Information Disclosure § Fixes 54 Vulnerabilities: CVE-2023-24880 is known exploited and publicly disclosed. CVE-2022-43552 is publicly disclosed. See the Security Update Guide for the complete list of CVEs. § Restart Required: Requires restart § Known Issues: See next slide
  • 23.
    Copyright © 2023Ivanti. All rights reserved. March Known Issues for Windows 10 § KB 5023702 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019 § [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  • 24.
    March Known Issues for Windows 10 (cont)
    § KB 5023705 – Windows Server 2022
    § [Missing UUP]
    § [ESXi Fail] After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are affected by this issue. Affected versions of VMware ESXi are versions vSphere ESXi 7.0.x and below.
  • 25.
    MS23-03-MR8: Monthly Rollup for Server 2012
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows Server 2012 and IE
    § Description: This cumulative security update contains improvements that are part of update KB 5022903 (released February 14, 2023). This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023756.
    § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure
    § Fixes 44 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: See next slide
  • 26.
    March Known Issues for Server 2012
    § KB 5023756 – Windows Server 2012 (Monthly Rollup)
    § [Domain Join] After this update or a later Windows update is installed, domain join operations might be unsuccessful and error "0xaac (2732): NERR_AccountReuseBlockedByPolicy" occurs. Additionally, text stating "An account with the same name exists in Active Directory. Re-using the account was blocked by security policy" might be displayed. Workaround: Microsoft has added guidance to KB 5020276 and recommends upgrading to a later version of Windows as this nears EOS.
    § KB 5023752 – Windows Server 2012 (Security-only Update)
    § [Domain Join]
  • 27.
    MS23-03-SO8: Security-only Update for Windows Server 2012
    § Maximum Severity: Critical
    § Affected Products: Microsoft Windows Server 2012
    § Description: This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023752.
    § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure
    § Fixes 44 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: [Domain Join]
  • 28.
    MS23-03-MR81: Monthly Rollup for Server 2012 R2
    § Maximum Severity: Critical
    § Affected Products: Server 2012 R2 and IE
    § Description: This cumulative security update contains improvements that are part of update KB 5022899 (released February 14, 2023). This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023765.
    § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure
    § Fixes 45 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: None reported
    NOTE: Windows 8.1 reached EOS on January 10, 2023.
  • 29.
    MS23-03-SO81: Security-only for Server 2012 R2
    § Maximum Severity: Critical
    § Affected Products: Server 2012 R2
    § Description: This update implements the final phase of DCOM hardening as described in KB 5004442. This phase removes the ability to disable changes through the registry. Bulletin is based on KB 5023764.
    § Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, Information Disclosure
    § Fixes 45 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. See the Security Update Guide for the complete list of CVEs.
    § Restart Required: Requires restart
    § Known Issues: None reported
    NOTE: Windows 8.1 reached EOS on January 10, 2023.
  • 30.
    MS23-03-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
    § Maximum Severity: Critical
    § Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
    § Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
    § Impact: Remote Code Execution, Spoofing, Elevation of Privilege
    § Fixes 3 Vulnerabilities: CVE-2023-23397, CVE-2023-23398, and CVE-2023-23399. CVE-2023-23397 is known exploited.
    § Restart Required: Requires application restart
    § Known Issues: None reported
  • 31.
    MS23-03-OFF: Security Updates for Microsoft Office
    § Maximum Severity: Critical
    § Affected Products: Excel 2013 & 2016, Office 2013 & 2016, Office 2019 & Office LTSC 2021 for Mac, Office for Android and Universal, Office Online Server and Office Web Apps Server
    § Description: This security update resolves multiple security issues in Microsoft Excel, Outlook, and the Office suite. This bulletin references 8 KB articles, and release notes for the Mac and Android updates.
    § Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege
    § Fixes 6 Vulnerabilities: CVE-2023-23391, CVE-2023-23396, CVE-2023-23397, CVE-2023-23398, CVE-2023-23399, and CVE-2023-24910. CVE-2023-23397 is known exploited.
    § Restart Required: Requires application restart
    § Known Issues: None reported
  • 32.
    MS23-03-SPT: Security Updates for SharePoint Server
    § Maximum Severity: Important
    § Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019
    § Description: This update corrects an issue where an attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site. This bulletin is based on 6 KB articles.
    § Impact: Spoofing
    § Fixes 1 Vulnerability: CVE-2023-23395 is not publicly disclosed or known exploited.
    § Restart Required: Requires restart
    § Known Issues: None reported
  • 33.
  • 34.
    Windows Release Summary
    § Security Updates (with CVEs): Google Chrome (2), Node.JS (Current) (1), Node.JS (LTS Lower) (1), Node.JS (LTS Upper) (1), Node.JS (Maintain) (1)
    § Security (w/o CVEs): Apache OpenOffice (1), Apache Tomcat (5), Docker for Windows (1), Dropbox (2), Evernote (1), Firefox (1), FileZilla Client (2), Foxit PDF Editor (1), Foxit PDF Reader (1), Foxit PDF Reader Enterprise (1), GoodSync (2), Jabra Direct (1), LibreOffice (2), Malwarebytes (2), Node.JS (Current) (1), Node.JS (LTS Upper) (2), Notepad++ (1), Opera (3), Paint.net (1), Plex Media Server (2), PeaZip (1), Royal TS (1), Snagit (1), Sourcetree for Windows Enterprise (1), Tableau Desktop (4), Tableau Prep Builder (1), Tableau Reader (1), TeamViewer (2), UltraVNC (1), Wireshark (2), WinRAR (1), Zoom Client (2), Zoom Outlook Plugin (1), Zoom Rooms Client (1)
    § Non-Security Updates: 8x8 Work Desktop (1), Amazon WorkSpaces (1), Beyond Compare (1), Camtasia (1), Cisco WebEx Teams (1), Google Drive File Stream (1), BlueJeans (1), NextCloud Desktop Client (1), PDF-Xchange PRO (1), PSPad (1), TightVNC (1)
  • 35.
    Windows Third Party CVE Information
    § Google Chrome 110.0.5481.178
    § CHROME-230222, QGC11005481178
    § Fixes 8 Vulnerabilities: CVE-2023-0927, CVE-2023-0928, CVE-2023-0929, CVE-2023-0930, CVE-2023-0931, CVE-2023-0932, CVE-2023-0933, CVE-2023-0941
    § Google Chrome 111.0.5563.65
    § CHROME-230307, QGC1110556365
    § Fixes 24 Vulnerabilities: CVE-2023-1213, CVE-2023-1214, CVE-2023-1215, CVE-2023-1216, CVE-2023-1217, CVE-2023-1218, CVE-2023-1219, CVE-2023-1220, CVE-2023-1221, CVE-2023-1222, CVE-2023-1223, CVE-2023-1224, CVE-2023-1225, CVE-2023-1226, CVE-2023-1227, CVE-2023-1228, CVE-2023-1229, CVE-2023-1230, CVE-2023-1231, CVE-2023-1232, CVE-2023-1233, CVE-2023-1234, CVE-2023-1235, CVE-2023-1236
  • 36.
    Windows Third Party CVE Information (cont)
    § Node.JS 19.6.1 (Current)
    § NOJSC-230221, QNODEJSC1961
    § Fixes 3 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920
    § Node.JS 16.19.1 (LTS Lower)
    § NOJSLL-230221, QNODEJSLL16191
    § Fixes 5 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807
    § Node.JS 18.14.1 (LTS Upper)
    § NOJSLU-230221, QNODEJSLU18141
    § Fixes 5 Vulnerabilities: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807
    § Node.JS 14.21.3 (Maintain)
    § NOJSM-230221, QNODEJSM14213
    § Fixes 2 Vulnerabilities: CVE-2023-23918, CVE-2023-23920
  • 37.
    Apple Release Summary
    § Non-Security Updates: aText (2), BBEdit (1), Dropbox (2), Firefox (1), LibreOffice (1), Microsoft Edge (3), Skype (1), Spotify (1), Visual Studio Code (2), Zoom Client for Mac (2)
  • 38.
  • 39.
    Thank You!