Microsoft March Patch Tuesday: Critical Zero-day Vulnerabilities Addressed in Latest Update for Windows 10/11


You might have noticed a long update for Windows this morning. Microsoft has released a series of updates on its March Patch Tuesday, aimed at resolving nearly 80 security vulnerabilities in the system. 



The company has introduced two new patches, KB5023696 and KB5023697, to address system and security issues present in various Windows 10 versions such as 22H2, 21H2, 21H1, 1809, and 1607, as well as Windows Server 2016. These updates are mandatory and will be installed automatically through Windows Update unless the system has been modified or restricted. Microsoft has also introduced a small patch, KB5023713, that delivers security fixes and addresses hyperlinks in Excel for Windows 10 1507.

Additionally, Microsoft has released fixes for two critical zero-day vulnerabilities that had been actively exploited since April of 2022. These two vulnerabilities, identified as CVE-2023-23397 and CVE-2023-24880, can be exploited to conduct elevated privilege attacks and bypass Windows security features. CVE-2023-23397 enables attackers to craft malicious emails that force targeted devices to connect to remote URLs and transmit the Windows account's Net-NTLMv2 hash. CVE-2023-24880, by contrast, is a Windows SmartScreen vulnerability that allows attackers to bypass the Windows Mark of the Web security warning and execute malicious code.

The inclusion of these fixes highlights Microsoft's continued effort to secure its systems and protect users from potential threats. Users are strongly advised to update their systems to ensure they have the latest protection against these critical vulnerabilities.

A detailed report of disclosed security fixes for March 2023 is available to browse here.

