Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild.
The two vulnerabilities under active attack are a Microsoft Outlook privilege escalation flaw and a Windows SmartScreen security feature bypass.
The disclosure also comes as the U.S. Cybersecurity and Infrastructure Security Agency added the two flaws to the Known Exploited Vulnerabilities catalog and announced a new pilot program that aims to warn critical infrastructure entities about "Vulnerabilities commonly associated with known ransomware exploitation."
Also closed out by Microsoft are a number of critical remote code execution flaws impacting HTTP Protocol Stack, Internet Control Message Protocol, and Remote Procedure Call Runtime.
Other notable mentions include patches for four privilege escalation bugs identified in the Windows Kernel, 10 remote code execution flaws affecting Microsoft PostScript and PCL6 Class Printer Driver, and a WebView2 spoofing vulnerability in the Edge browser.
Elsewhere, Microsoft also closed out two information disclosure flaws in Microsoft OneDrive for Android, one spoofing vulnerability in Office for Android, one security bypass bug in Microsoft OneDrive for iOS, and one privilege escalation issue in OneDrive for macOS. Rounding off the list are patches for two high-severity vulnerabilities in the Trusted Platform Module 2.0 reference library specification that could lead to information disclosure or privilege escalation.
News URL
https://thehackernews.com/2023/03/microsoft-rolls-out-patches-for-80-new.html