Microsoft’s March security update for multiple high-risk product vulnerabilities

Microsoft’s March security update for multiple high-risk product vulnerabilities

March 15, 2023 | NSFOCUS

Overview

On March 15, NSFOCUS CERT monitored that Microsoft had released a security update patch for March, which fixed 82 security issues, involving widely used products such as Windows Hyper-V, Microsoft Outlook, Windows HTTP Protocol Stack, Microsoft Graphics, Microsoft Excel, etc., including high-risk vulnerability types such as privilege enhancement, remote code execution, etc.

Among the vulnerabilities fixed in Microsoft’s monthly update this month, there are 9 critical vulnerabilities and 69 important vulnerabilities, including 2 0day vulnerabilities:

Microsoft Outlook Privilege Escalation Vulnerability (CVE-2023-23397)

Windows SmartScreen security feature bypass vulnerability (CVE-2023-24880)

Relevant users are requested to update the patch for protection as soon as possible. Please refer to the appendix for a complete list of vulnerabilities.

Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar

Key Vulnerabilities

According to the popularity of the product and the importance of the vulnerability, the vulnerability with greater impact is screened out in this update. Relevant users should pay attention:

Microsoft Outlook privilege escalation vulnerability (CVE-2023-23397):

Microsoft Outlook has a privilege escalation vulnerability. An unauthenticated attacker sends a specially-crafted email to cause the victim to connect to the external UNC location controlled by the attacker, causing the victim’s Net-NTLMv2 hash to be disclosed to the attacker, and the subsequent attacker can relay it to another service and authenticate as the victim to finally achieve privilege escalation. In addition, Microsoft’s official prompt: the specially-crafted email sent by the attacker can be automatically triggered when the Outlook client retrieves and processes it. At present, it has been detected that the vulnerability has been exploited in the wild, and the CVSS score is 9.8.

Official announcement link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397

Windows SmartScreen security feature bypass vulnerability (CVE-2023-24880):

There is a security function bypass vulnerability in Windows SmartScreen. An unauthenticated remote attacker can induce users to open malicious files. An attacker who successfully exploits this vulnerability can evade the Web Tag (MOTW) defense, thus damaging the integrity and availability of the security function of the MOTW tag. At present, the vulnerability has been publicly disclosed and has been detected to be exploited in the wild. The CVSS score is 5.4.

Official announcement link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880

Internet Control Message Protocol (ICMP) remote code execution vulnerability (CVE-2023-23415):

There is a remote code execution vulnerability in Internet Control Message Protocol (ICMP). When the target host runs an application bound to the original socket, an unauthenticated remote attacker can send low-level protocol errors to the target host to exploit this vulnerability, and finally execute arbitrary code on the target system. The CVSS score is 9.8.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415

HTTP protocol stack remote execution code vulnerability (CVE-2023-23392):

There is a remote code execution vulnerability in the HTTP protocol stack (HTTP. sys). When HTTP/3 is enabled on the server and buffered I/O is used, an unauthenticated attacker can execute arbitrary code by sending a specially crafted HTTP packet to the target server. The CVSS score is 9.8.

The Windows HTTP protocol stack (HTTP. sys) is the kernel driver for handling HTTP requests in the Windows operating system. It is commonly used in the communication between Web browsers and Web servers, as well as in Internet Information Services (IIS).

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23392

Remote Procedure Call Runtime remote code execution vulnerability (CVE-2023-21708):

There is a remote code execution vulnerability in the Remote Procedure Call Runtime. An unauthenticated remote attacker can finally execute code on the server with the same permissions as the RPC service by sending a crafted RPC call to the RPC host. In addition, Microsoft officially recommends blocking TCP 135 port on the enterprise peripheral firewall to reduce the potential attack of this vulnerability. The CVSS score is 9.8.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21708

Windows Cryptographic Services Remote Code Execution Vulnerability (CVE-2023-23416):

There is a remote code execution vulnerability in Windows Cryptographic Services. The attacker first needs to upload the malicious certificate to the service that processes or imports the certificate, or persuade the authenticated user to import the malicious certificate on his own system. An attacker without authentication can finally execute arbitrary code with user privileges on the target system by exploiting this vulnerability. The CVSS score is 8.4.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23416

Windows Point-to-Point Tunneling Protocol remote code execution vulnerability (CVE-2023-23404):

Windows point-to-point tunneling protocol has a remote code execution vulnerability. Unauthenticated remote attackers can finally implement remote code execution on the server side without user interaction by sending a special connection request to the RAS server. The CVSS score is 8.1.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23404

Windows Hyper-V denial of service vulnerability (CVE-2023-23411):

Windows Hyper-V is Microsoft’s local hypervisor. There is a denial-of-service vulnerability in this product. An attacker with low privileges can use this vulnerability to cause a denial-of-service attack on the Hyper-V host. The CVSS score is 6.5.

Official announcement link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23411

Scope of Impact

The following are some affected product versions that focus on vulnerabilities. For the scope of other products affected by vulnerabilities, please refer to the official announcement link.

Vulnerability numberAffected product version
CVE-2023-23397Microsoft Outlook 2016 (64-bit edition)
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2019 for 32-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Outlook 2016 (32-bit edition)
Microsoft Office LTSC 2021 for 32-bit editions
CVE-2023-24880Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
CVE-2023-23415 CVE-2023-21708Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-23392Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
CVE-2023-23416Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-23404Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-23411Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for x64-based Systems

Mitigation

At present, Microsoft has officially released a security patch to fix the above vulnerabilities for the supported product versions. It is strongly recommended that the affected users install the patch for protection as soon as possible. The official download link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar

Note: Due to network problems, computer environment problems and other reasons, the patch update of Windows Update may fail. After installing the patch, users should check whether the patch is successfully updated.

Right-click the Windows icon, select “Settings”, select “Update and Security” – “Windows Update” to view the prompt information on this page, or click “View Update History” to view the historical updates.

For updates that have not been successfully installed, you can click the update name to jump to the official download page of Microsoft. It is recommended that users click the link on this page and go to the “Microsoft Update Directory” website to download and install the independent package.

Appendix: Vulnerability List

Impact productsCVE NoVulnerability TitleSeverity
Internet Control Message Protocol (ICMP)CVE-2023-23415Internet Control Message Protocol (ICMP) remote code execution vulnerabilityCritical
Microsoft Office OutlookCVE-2023-23397Microsoft Outlook Privilege Escalation VulnerabilityCritical
Remote Access Service Point-to-Point Tunneling ProtocolCVE-2023-23404Windows Point to Point Tunneling Protocol Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2023-23411Windows Hyper-V Denial of Service VulnerabilityCritical
Windows Cryptographic ServicesCVE-2023-23416Windows Encryption Service Remote Code Execution VulnerabilityCritical
Windows HTTP Protocol StackCVE-2023-23392HTTP protocol stack remote code execution vulnerabilityCritical
Windows Remote Procedure CallCVE-2023-21708Remote procedure call runtime remote code execution vulnerabilityCritical
Windows TPMCVE-2023-1017CERT/CC: CVE-2023-1017 TPM2.0 module library privilege escalation vulnerabilityCritical
Windows TPMCVE-2023-1018CERT/CC: CVE-2023-1018 TPM2.0 module library privilege escalation vulnerabilityCritical
AzureCVE-2023-23408Azure Apache Ambari spoofing vulnerabilityImportant
Client Server Run-time Subsystem (CSRSS)CVE-2023-23409Client Server Runtime Subsystem (CSRSS) Information Disclosure VulnerabilityImportant
Client Server Run-time Subsystem (CSRSS)CVE-2023-23394Client Server Runtime Subsystem (CSRSS) Information Disclosure VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2023-23388Windows Bluetooth driver privilege escalation vulnerabilityImportant
Microsoft DynamicsCVE-2023-24920Microsoft Dynamics 365 (on premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-24879Microsoft Dynamics 365 (on premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-24919Microsoft Dynamics 365 (on premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-24891Microsoft Dynamics 365 (on premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-24922Microsoft Dynamics 365 Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2023-24921Microsoft Dynamics 365 (on premises) Cross-site Scripting VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-24910Windows Graphics Component Privilege Escalation VulnerabilityImportant
Microsoft Office ExcelCVE-2023-23398Microsoft Excel Spoofing VulnerabilityImportant
Microsoft Office ExcelCVE-2023-23396Microsoft Excel Denial of Service VulnerabilityImportant
Microsoft Office ExcelCVE-2023-23399Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2023-23395Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft OneDriveCVE-2023-24890Microsoft OneDrive for iOS Security Feature Bypass VulnerabilityImportant
Microsoft OneDriveCVE-2023-24930Microsoft OneDrive for MacOS Privilege Escalation VulnerabilityImportant
Microsoft OneDriveCVE-2023-24882Microsoft OneDrive for Android Information Disclosure VulnerabilityImportant
Microsoft OneDriveCVE-2023-24923Microsoft OneDrive for Android Information Disclosure VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24907Microsoft PostScript and PCL6 Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24857Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24868Microsoft PostScript and PCL6 Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24872Microsoft PostScript and PCL6 Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24876Microsoft PostScript and PCL6 Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24913Microsoft PostScript and PCL6 Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24864Microsoft PostScript and PCL6 Class Printer Driver Privilege Escalation VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24866Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24906Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24867Microsoft PostScript and PCL6 Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24863Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24858Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24911Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24870Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24909Microsoft PostScript and PCL6 Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-23406Microsoft PostScript and PCL6 Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-23413Microsoft PostScript and PCL6 Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-24856Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24865Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft Printer DriversCVE-2023-23403Microsoft PostScript and PCL6 Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-23401Windows Media Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-23402Windows Media Remote Code Execution VulnerabilityImportant
Office for AndroidCVE-2023-23391Office for Android spoofing vulnerabilityImportant
Role: DNS ServerCVE-2023-23400Windows DNS Server Remote Code Execution VulnerabilityImportant
Service FabricCVE-2023-23383Service Fabric Explorer spoofing vulnerabilityImportant
Visual StudioCVE-2023-23618GitHub: CVE-2023-23618 Git for Windows Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2023-22743GitHub: CVE-2023-22743 Git for Windows Installer Privilege Escalation VulnerabilityImportant
Visual StudioCVE-2023-23946GitHub: CVE-2023-23946 minit remote code execution vulnerabilityImportant
Visual StudioCVE-2023-22490GitHub: CVE-2023-22490 Mingit Information Disclosure VulnerabilityImportant
Windows Accounts ControlCVE-2023-23412Windows Account Picture Privilege Escalation VulnerabilityImportant
Windows Bluetooth ServiceCVE-2023-24871Windows Bluetooth Service Remote Code Execution VulnerabilityImportant
Windows Central Resource ManagerCVE-2023-23393Windows BrokerInfrastructure Service Privilege Escalation VulnerabilityImportant
Windows DefenderCVE-2023-23389Microsoft Defender Privilege Escalation VulnerabilityImportant
Windows HTTP.sysCVE-2023-23410Windows HTTP.sys Privilege Escalation VulnerabilityImportant
Windows Internet Key Exchange (IKE) ProtocolCVE-2023-24859Windows Internet Key Exchange (IKE) Extended Denial of Service VulnerabilityImportant
Windows KernelCVE-2023-23420Windows kernel privilege escalation vulnerabilityImportant
Windows KernelCVE-2023-23422Windows kernel privilege escalation vulnerabilityImportant
Windows KernelCVE-2023-23421Windows kernel privilege escalation vulnerabilityImportant
Windows KernelCVE-2023-23423Windows kernel privilege escalation vulnerabilityImportant
Windows Partition Management DriverCVE-2023-23417Windows Partition Management Driver Privilege Escalation VulnerabilityImportant
Windows Point-to-Point Protocol over Ethernet (PPPoE)CVE-2023-23407Windows Ethernet Point-to-Point Protocol (PPPoE) Remote Code Execution VulnerabilityImportant
Windows Point-to-Point Protocol over Ethernet (PPPoE)CVE-2023-23385Windows Ethernet Point-to-Point Protocol (PPPoE) Privilege Escalation VulnerabilityImportant
Windows Point-to-Point Protocol over Ethernet (PPPoE)CVE-2023-23414Windows Ethernet Point-to-Point Protocol (PPPoE) Remote Code Execution VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2023-23405Remote procedure call runtime remote code execution vulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2023-24869Remote procedure call runtime remote code execution vulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2023-24908Remote procedure call runtime remote code execution vulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2023-23419Windows Resilient File System (ReFS) Privilege Escalation VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2023-23418Windows Resilient File System (ReFS) Privilege Escalation VulnerabilityImportant
Windows Secure ChannelCVE-2023-24862Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Win32KCVE-2023-24861Windows Graphics Component Privilege Escalation VulnerabilityImportant
Windows SmartScreenCVE-2023-24880Windows SmartScreen security feature bypass vulnerabilityModerate
MarinerCVE-2023-0567unknownUnknown
MarinerCVE-2023-20052unknownUnknown
MarinerCVE-2023-20032unknownUnknown

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.