
_____________________________
A. List of Vulnerabilities
Microsoft OneDrive | CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Microsoft OneDrive | CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Information Disclosure | Important |
Microsoft Dynamics | CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | Information Disclosure | Important |
Microsoft Dynamics | CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Spoofing | Important |
Microsoft Dynamics | CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Spoofing | Important |
Microsoft Dynamics | CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Spoofing | Important |
Microsoft PostScript Printer Driver | CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft PostScript Printer Driver | CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Information Disclosure | Important |
Microsoft Graphics Component | CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Microsoft PostScript Printer Driver | CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
Windows Remote Procedure Call Runtime | CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft PostScript Printer Driver | CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft PostScript Printer Driver | CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Information Disclosure | Important |
Microsoft Edge (Chromium-based) | CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Spoofing | Important |
Microsoft Dynamics | CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Spoofing | Important |
Microsoft OneDrive | CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
Microsoft OneDrive | CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Information Disclosure | Important |
Windows SmartScreen | CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Security Feature Bypass | Moderate |
Microsoft Dynamics | CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Spoofing | Important |
Microsoft PostScript Printer Driver | CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft PostScript Printer Driver | CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
Windows Bluetooth Service | CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft PostScript Printer Driver | CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Information Disclosure | Important |
Windows Remote Procedure Call Runtime | CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft PostScript Printer Driver | CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft PostScript Printer Driver | CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft PostScript Printer Driver | CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Information Disclosure | Important |
Microsoft Printer Drivers | CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Information Disclosure | Important |
Microsoft PostScript Printer Driver | CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Microsoft PostScript Printer Driver | CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Information Disclosure | Important |
Windows Secure Channel | CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Denial of Service | Important |
Windows Win32K | CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Windows Internet Key Exchange (IKE) Protocol | CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Denial of Service | Important |
Microsoft PostScript Printer Driver | CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Information Disclosure | Important |
Microsoft PostScript Printer Driver | CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Information Disclosure | Important |
Microsoft PostScript Printer Driver | CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Information Disclosure | Important |
Visual Studio | CVE-2023-23946 | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability | Remote Code Execution | Important |
Visual Studio | CVE-2023-23618 | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability | Remote Code Execution | Important |
Windows Kernel | CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Windows Kernel | CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Windows Kernel | CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Windows Kernel | CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Windows Resilient File System (ReFS) | CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Windows Resilient File System (ReFS) | CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Windows Partition Management Driver | CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Windows Cryptographic Services | CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Remote Code Execution | Critical |
Internet Control Message Protocol (ICMP) | CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Remote Code Execution | Critical |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft PostScript Printer Driver | CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
Windows Accounts Control | CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Role: Windows Hyper-V | CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Denial of Service | Critical |
Windows HTTP.sys | CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Client Server Run-time Subsystem (CSRSS) | CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Information Disclosure | Important |
Azure | CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | Spoofing | Important |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft PostScript Printer Driver | CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
Windows Remote Procedure Call Runtime | CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Remote Code Execution | Important |
Remote Access Service Point-to-Point Tunneling Protocol | CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Remote Code Execution | Critical |
Microsoft Printer Drivers | CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft Windows Codecs Library | CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft Windows Codecs Library | CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | Important |
Role: DNS Server | CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft Office Excel | CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
Microsoft Office Excel | CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability | Spoofing | Important |
Microsoft Office Outlook | CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Elevation of Privilege | Critical |
Microsoft Office Excel | CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | Denial of Service | Important |
Microsoft Office SharePoint | CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability | Spoofing | Important |
Client Server Run-time Subsystem (CSRSS) | CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Information Disclosure | Important |
Windows Central Resource Manager | CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Windows HTTP Protocol Stack | CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Remote Code Execution | Critical |
Office for Android | CVE-2023-23391 | Office for Android Spoofing Vulnerability | Spoofing | Important |
Windows Defender | CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Microsoft Bluetooth Driver | CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Service Fabric | CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | Spoofing | Important |
Visual Studio | CVE-2023-22743 | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Visual Studio | CVE-2023-22490 | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability | Information Disclosure | Important |
Windows Remote Procedure Call | CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Remote Code Execution | Critical |
Windows TPM | CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability | Elevation of Privilege | Critical |
Windows TPM | CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability | Elevation of Privilege | Critical |
Microsoft Edge (Chromium-based) | CVE-2023-1236 | Chromium: CVE-2023-1236 Inappropriate implementation in Internals | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1235 | Chromium: CVE-2023-1235 Type Confusion in DevTools | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1234 | Chromium: CVE-2023-1234 Inappropriate implementation in Intents | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1233 | Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1232 | Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1231 | Chromium: CVE-2023-1231 Inappropriate implementation in Autofill | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1230 | Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1229 | Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1228 | Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1224 | Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1223 | Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1222 | Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1221 | Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1220 | Chromium: CVE-2023-1220 Heap buffer overflow in UMA | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1219 | Chromium: CVE-2023-1219 Heap buffer overflow in Metrics | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1218 | Chromium: CVE-2023-1218 Use after free in WebRTC | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1217 | Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1216 | Chromium: CVE-2023-1216 Use after free in DevTools | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1215 | Chromium: CVE-2023-1215 Type Confusion in CSS | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1214 | Chromium: CVE-2023-1214 Type Confusion in V8 | None | None |
Microsoft Edge (Chromium-based) | CVE-2023-1213 | Chromium: CVE-2023-1213 Use after free in Swiftshader | None | None |
_____________________________
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
- Kindly review and apply the necessary updates to mitigate future threats.
- Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
- For additional information, kindly refer to the official report
- https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar
- https://msrc.microsoft.com/update-guide/vulnerability