Description

Microsoft released security updates to fix vulnerabilities in their software products that include, but not limited to:

• Windows OS: 10 and 11

• Windows Server: 2016, 2019, 2022

• Microsoft Edge

• Microsoft Office: 2013, 2016, 2019, Microsoft 365

The released security updates fix multiple vulnerabilities, which include two zero-day vulnerabilities:

• CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability

• CVE-2023-24880: Windows SmartScreen Security Feature Bypass Vulnerability

Security Risks

If the identified vulnerabilities in Microsoft products are not patched, authenticated attackers can remotely gain control of vulnerable systems and run malicious code with elevated privileges.

For the full list of security patches released by Microsoft, please refer to  Microsoft Security Update Guide

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. apply the latest security patches, as soon as possible, to prevent unauthorized control over unpatched systems.

2. upgrade immediately to the latest supported version of installed Microsoft software in order to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded immediately:

• Windows Vista, XP, 8 and 7
• Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2
• Exchange Server 2003, 2007, 2010
• Microsoft SQL Server 2005, 2008, 2012

3. Before beginning any updating task, make sure you have a current, tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailat rwcsirt@ncsa.gov.rw or call us on 9009

References

Release Note - March 2023