Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack
Mar 15, 2023
Patch Tuesday / Software Update
Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild.

Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks.

The two vulnerabilities that have come under active attack include a Microsoft Outlook privilege escalation flaw (CVE-2023-23397, CVSS score: 9.8) and a Windows SmartScreen security feature bypass (CVE-2023-24880, CVSS score: 5.1).

CVE-2023-23397 is "triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server," Microsoft said in a standalone advisory.

A threat actor could leverage this flaw by sending a specially crafted email, activating it automatically when it is retrieved and pr