Hello,
Initially the KB5012170 replaces GRUB with GRUB 2.06 which is a version that doesn't contain the vulnerabilities.
The March update contains different vulnerability patches for GRUB versions prior to 2.06, released at the moment that were detected but combined in March 2023 updated for spread distribution.
You can have more information about the updates on the releases releases at:
https://msrc.microsoft.com/update-guide/vulnerability/ADV200011
--If the reply is helpful, please Upvote and Accept as answer--