Patch Tuesday March fixes 101 vulnerabilities (two zero-days)

Microsoft and other software companies have released their monthly updates for the month of March. In total Microsoft has fixed 101 both of them are zero-days. Additionally, Adobe fixed a zero-day in ColdFusion.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed (zero-day) security flaws. The CVEs are:zero-day, Patch Tuesday, Microsoft Patch Tuesday

CVE-2023-23397: a critical Microsoft Outlook Elevation of Privilege (EoP) vulnerability. External attackers could send specially crafted emails to induce a connection from the victim to an external UNC site that they control. This would leak the victim's Net-NTLMv2 hashes to the attacker, who could then verify the victim's identity.
The vulnerability could be used for "pass-the-hash" attacks.

CVE-2023-24880: a moderate Windows SmartScreen security feature bypass vulnerability. An attacker could create a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in limited integrity of security features such as Protected View in Microsoft Office that rely on MOTW. This vulnerability was reportedly used in attacks related to .

CVE-2023-26360: ranked as a #1 priority vulnerability in Adobe ColdFusion. The vulnerability could lead to arbitrary code execution.

Adobe says it is aware that CVE-2023-26360 has already been exploited online in very limited attacks targeting Adobe ColdFusion.

Η συνιστά την ενημέρωση των εκδόσεων ColdFusion 2021 και 2018 JDK/JRE στην τελευταία LTS for JDK 11. Applying the ColdFusion update without a corresponding JDK update will NOT secure the server.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
zero-day, Patch Tuesday, Microsoft Patch Tuesday

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).