On Tuesday, Microsoft released its March 2023 Patch Tuesday updates, which includes fixes for two zero-day vulnerabilities and 83 other security flaws. The two zero-day vulnerabilities, CVE-2023-23397 and CVE-2023-24880, were being used by state-sponsored and ransomware threat actors to exploit Microsoft software. Both vulnerabilities allowed attackers to bypass security features and execute malicious code on targeted systems.
One of the zero-day vulnerabilities, CVE-2023-23397, was also being used by Russian hackers since April 2022 to exploit Microsoft Outlook software. Microsoft recently issued a warning about the exploitation of another zero-day vulnerability in its Outlook software, which was discovered by security researchers in November 2022.
The March 2023 Patch Tuesday also includes fixes for 80 other security vulnerabilities in various Microsoft products, including Exchange Server, SharePoint Server, and Windows. Microsoft recommends that users install these updates as soon as possible to prevent further exploitation of these vulnerabilities.