Tripwire's March 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Google and Microsoft.
First on the patch priority list this month is a patch for Microsoft Office Outlook that resolves a critical elevation of privilege vulnerability (CVE-2023-23397) that should be patched as soon as possible. This vulnerability has seen exploitation in the wild and allows attackers to perform an NTLM Relay attack. Please refer to the following link for a detailed technical discussion for this issue (https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/).
Up next is a patch for Windows Defender that resolves an elevation of privilege vulnerability.
Next are patches for Microsoft Edge and Google Chromium that resolve over 20 vulnerabilities such as spoofing, type confusion, and use after free vulnerabilities.
Up next are 3 patches for Microsoft Office Excel that resolve remote code execution, spoofing, and denial of service vulnerabilities.
Next are patches that affect components of the core Windows operating system. These patches resolve over 55 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, remote code execution, and denial of service vulnerabilities. These vulnerabilities affect core Windows, Kernel, Graphics, PostScript and PCL6 drivers, ICP, TPM2.0, Media, Point-to-Point tunneling protocol, Secure Channel, RPC, and others.
Next are patches for Visual Studio Code that resolve remove code execution, elevation of privilege, and information disclosure vulnerabilities.
Lastly, administrators should focus on server-side patches for DNS Server, Hyper-V, Dynamics, and SharePoint. These patches resolve remote code execution, elevation of privilege, spoofing, cross-site scripting, and information disclosure vulnerabilities.
|
BULLETIN |
CVE |
|
CVE-2023-23397 |
|
|
CVE-2023-23389 |
|
|
CVE-2023-24892 |
|
|
CVE-2023-1213, CVE-2023-1214, CVE-2023-1215, CVE-2023-1216, CVE-2023-1217, CVE-2023-1218, CVE-2023-1219, CVE-2023-1220, CVE-2023-1221, CVE-2023-1222, CVE-2023-1223, CVE-2023-1224, CVE-2023-1228, CVE-2023-1229, CVE-2023-1230, CVE-2023-1231, CVE-2023-1232, CVE-2023-1233, CVE-2023-1234, CVE-2023-1235, CVE-2023-1236 |
|
|
CVE-2023-23396, CVE-2023-23399, CVE-2023-23398 |
|
|
CVE-2023-24864, CVE-2023-24906, CVE-2023-24858, CVE-2023-24856, CVE-2023-24857, CVE-2023-24911, CVE-2023-24870, CVE-2023-24863, CVE-2023-24866, CVE-2023-23413, CVE-2023-24909, CVE-2023-24907, CVE-2023-24913, CVE-2023-24876, CVE-2023-24872, CVE-2023-24867, CVE-2023-24868, CVE-2023-23406, CVE-2023-23415, CVE-2023-23416, CVE-2023-1017, CVE-2023-1018, CVE-2023-23404, CVE-2023-23401, CVE-2023-23402, CVE-2023-23385, CVE-2023-23414, CVE-2023-23407, CVE-2023-24862, CVE-2023-24910, CVE-2023-23422, CVE-2023-23423, CVE-2023-23420, CVE-2023-23421, CVE-2023-23391, CVE-2023-24908, CVE-2023-24869, CVE-2023-23405, CVE-2023-23412, CVE-2023-23394, CVE-2023-23409, CVE-2023-23417, CVE-2023-23392, CVE-2023-24880, CVE-2023-21708, CVE-2023-23393, CVE-2023-23383, CVE-2023-24861, CVE-2023-23419, CVE-2023-23418, CVE-2023-23410, CVE-2023-24865, CVE-2023-23403, CVE-2023-24871, CVE-2023-23388, CVE-2023-24859 |
|
|
CVE-2023-22490, CVE-2023-22743, CVE-2023-23618, CVE-2023-23946 |
|
|
CVE-2023-23400 |
|
|
CVE-2023-23411 |
|
|
CVE-2023-24919, CVE-2023-24879, CVE-2023-24920, CVE-2023-24891, CVE-2023-24921, CVE-2023-24922 |
|
|
CVE-2023-23395 |
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
