Microsoft, like Google, and unlike Apple, releases a new round of security updates every month to fix all vulnerabilities that have been found since the previous version was released, and fix any bugs in the process. of operation and performance that some equipment may be suffering.
Like every month, around the middle of the month and being Tuesday, Microsoft has released a new patch, a patch that corresponds to the month of March 2023 and that fixes a total of 79 vulnerabilities and security flaws that may have been exploited by friends of the foreign since they represent a way of entering devices with this operating system, although the latter has not been confirmed by the company.
Of these 79 vulnerabilities detected, 9 are considered critical. Critical vulnerabilities are the most dangerous as they allow gaining administrator privileges, remote code execution, and denial of service.
- 27 vulnerabilities that allowed code to be executed remotely
- 21 vulnerabilities that allowed you to gain privileges
- 15 failures that allowed stealing information from computers
- 10 vulnerabilities focused on impersonating administrators
- 4 vulnerabilities that allowed denial of service attacks
- 2 bugs that bypassed the Windows security system
In addition to these Windows vulnerabilities, last Monday, Microsoft corrected more than twenty vulnerabilities that had been detected in microsoft edgethe native and default Windows browser.
2 dangerous vulnerabilities fixed
Of all the vulnerabilities that have been detected, we must especially highlight two of them, since they are security flaws in Windows that arethey have always been present in the operating system. These vulnerabilities, called Zero-Day or zero-day attack, are the following:
- CVE-2023-23397. This is a bug that, through malicious code, forces Microsoft Outlook to visit a certain URL and transmit the Net-NTLMv2 hash of the user’s Microsoft account, that is, the account’s login details. This vulnerability has been exploited in the past by a group of pirates computer programs sponsored by the Russian government.
- CVE-2023-24880. This is another vulnerability used in the past by outsiders that allowed executable files to be created that bypassed the Windows SmartScreen security feature warning, bypassing Windows Defender security protections. This vulnerability has been used in the past by the ransomware Magniber.
Download March 2023 security patches
As long as we have automatic updates activated in both Windows 10 and Windows 11, the only Microsoft operating systems that currently receive support, these should have already been downloaded to our computer and it will be waiting to restart to finish installing correctly.
But, if we don’t like Windows marking the way we work with the PC, and we have disabled automatic updates, something that SoftZone doesn’t recommend, we can directly download and install the patches that solve these problems through the following links.
For Windows 10 21H2 and 22H2 – KB5023696
For Windows version 2021 – KB5023698
For Windows version 2022 – KB5023706