The full list of fixed vulnerabilities can be found below. CVE-2023-2180 has been addressed as part of Patch Tuesday March 2023. Furthermore, per Microsoft’s observations, the threat actor could also tamper with report files, an action that would permit him to JavaScript-based attacks. Upon user interaction, the threat actor would have gained elevated permissions within the domain, allowing him to further exploit this web server vulnerability. High) on the CVSS 3.1.8.2 scale.Īccording to Microsoft, an attacker could potentially trigger a full DOS across the network by passing the victim a specially-crafted package. Next item is CVE-2023-21806, a Power BI Report Server Spoofing vulnerability, with a score of 7.1 (i.e. A security patch is available on Microsoft’s official website. Medium), this defect, which was traced back to a bugged Windows MSHTML Platform component, can potentially allow a threat actor to bypass safeguards and execute arbitrary code on the victim’s machine. We’ll start the list with CVE-2023-21805, a Windows MSHTML Platform Remote Code Execution vulnerability. Enjoy! Patch Tuesday March 2023 – Highlights With this in mind, let’s take a closer look at what Patch Tuesday March 2023 has in store for us.
The list also features patches for non-Edge vulnerabilities such as the Windows MSHTML Remote Code Execution Vulnerability and the Power BI Report Server spoofing vulnerability. As part of the March vulnerability patching bout, Microsoft has released 23 fixes for Chromium- and OS-based security bugs.
0 kommentar(er)
