• For Enquiry
  • 847-868-9253
  • 847-868-9208
  • Home
  • Why Choose CIO Landing?
    • Our Team
    • Success Stories
    • ‘8 Things’ We Do Better
    • Partners & Certifications
    • Our Services
  • Industry Expertise
    • Manufacturing
    • Medical
    • Education
    • Financial Services
    • Non-Profit
    • Law Firms
  • IT Solutions
    • Co-Managed Service
    • Managed IT Services
    • IT Support
      • On Demand Services
      • Office Moves & Wiring
      • Security
    • Server Management
    • Backup & Disaster Recovery
    • Cloud Services
    • CIO & IT Consulting
    • Cybersecurity Services
    • VoIP
    • Managed Firewall
    • Microsoft 365
      • Microsoft 365 Plans
        • Small Business
        • Enterprise
        • Education
    • Hardware & Software Sales
    • Email & Spam Protection
  • Resources
    • Free Copy Of New Book
    • Blog
    • Newsletter
    • Video Tips
      • Video Tips Archive
    • Free Cloud Report
    • IT Buyers Guide
    • Cybersecurity Crisis Report
    • Network Audit
    • COVID 19 Resources
    • In The NEWS
    • Online Training
  • About Us
    • Our Mission
    • Leadership
    • Teams
    • Referral Program
    • Press Releases
      • CIO Landing: More Than Just an IT
      • Small businesses can have an IT department too
      • CIO Landing, Inc. has joined forces with Banc Certified Merchant Services (BCMS).
    • Affiliations
    • Careers
      • Job Descriptions
    • FAQs
    • Causes We Support
    • Privacy Policy
    • Terms & Conditions
  • Locations
    • Northfield, IL
    • Northbrook, IL
    • Chicago, IL
    • Miami, FL
  • Support
✕
AT&T Data Breach – 9 Million Affected
March 27, 2023
Everything to Know About Essendant’s Multi-Day Outage
March 29, 2023

Microsoft Patch Tuesday

March 28, 2023

Microsoft released on March 14, 2023, a security update that fixes at least 74 bugs in Windows and other software. Hackers are already attacking two flaws, including a very serious one in Microsoft Outlook.

Microsoft Outlook Vulnerability

The Outlook bug, CVE-2023-23397, affects all versions of Microsoft Outlook from 2013 to the most recent one.

Microsoft said that threat actors are taking advantage of this bug. It starts working automatically when a malicious email goes to an email server, even before it appears in the Preview Pane.

CVE-2023-23397 is an NTLM relay exploit that enables an attacker to gain a user’s Windows account password and use it in a “Pass The Hash” attack.
The flaw makes it possible for a threat actor to pose as a trustworthy person. This is the same as an attacker having a valid password and getting into an organization’s systems.

Windows SmartScreen Vulnerability

The second exploited flaw, CVE-2023-24880, is a “Security Feature Bypass” in Windows
SmartScreen. The flaw can let malicious code run without SmartScreen checks.
CVE-2023-24880 lets threat actors create files that get around Mark of the Web (MOTW)
defenses. By bypassing the MOTW, hackers can spread malware through documents and other infected files that SmartScreen normally blocks.

Microsoft also fixed seven other security flaws this week with a “critical” rating. The rating
means that a threat actor could take complete remote control of a Windows host without the user having to do much.

Action Plan for Business Owners

Windows is a staple in many businesses. Owners should take the following precautions to protect their clients and make sure their systems are safe:

  • Install security updates quickly. Once there’s a new patch, you should update your
    software to stop exploitation.
  • Establish a regular update schedule. Check for and apply updates for your operating
    system, apps, and security programs on a regular basis.
  • Get people to use strong passwords. Encourage employees to use strong, unique
    passwords and consider using a password manager.
  • Enable multi-factor authentication. This provides an added layer of security.
  • Train your workers about security. Teach your employees best practices, like spotting suspicious emails and what to do when a cyberattack happens.
  • Always have a backup plan. Back up your data regularly and keep it in several places for quick recovery.
  • Monitor network activity. Use tools for network monitoring to find strange behavior and possible threats.
  • Develop an incident response plan. Plan for handling cybersecurity issues, including ways to deal with threats.
  • Review policies on security. Regularly review and update security policies to adapt to new threats and technology.

Final Word

Organizations need to be always aware of cyber dangers. By regularly reviewing and updating security rules, you can keep your digital environment safe from threats.

Share
59
taylor
taylor

Related posts

March 10, 2025

The Hidden Threat: How Gift Card Scams Are Targeting Businesses Like Yours

Read more
February 11, 2025

CIO Landing Named to CRN’s MSP 500 List for 2025—For the Third Year in a Row!

Read more
December 4, 2024

Unlocking the Power of Windows 11: Tips for Maximum Productivity

Read more
© 2025 All Rights Reserved | Powered by CIO Landing