Microsoft has released the April 2023 Patch Tuesday security updates, addressing 97 vulnerabilities. Seven are classified as critical because they allow remote code execution, the most severe type of vulnerability, and 90 are classified as important. The products covered in the April security update include the Windows CLFS driver, Microsoft Message Queuing, Windows DHCP Server, Windows Layer 2 Tunneling Protocol, .NET Core, Azure Machine Learning, Azure Service Connector, Microsoft Bluetooth Driver, Microsoft Defender for Endpoint, Microsoft Dynamics, and more.
This month’s Patch Tuesday fixes one zero-day vulnerability (CVE-2023-28252) that is known to be exploited in Nokoyawa ransomware attacks.
Zero-Day Vulnerabilities
CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
This vulnerability has a CVSSv3.1 score of 7.8 out of 10. It allows remote attackers to execute commands with SYSTEM privileges, the highest level of privileges on a Windows system. If exploited, this can give the attacker complete control over the targeted system.
Critical Vulnerabilities
This Patch Tuesday addresses seven security vulnerabilities categorized as “Critical”. These vulnerabilities can pose a significant threat to the security of the affected devices. If exploited, they could allow remote code execution, enabling attackers to gain control of systems and perform various malicious activities.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Microsoft Message Queuing | CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
Windows DHCP Server | CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-28219 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-28220 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows PGM | CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
Windows Point-to-Point Tunneling Protocol | CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Raw Image Extension | CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
Microsoft Security Bulletin Summary for April 2023
- .NET Core
- Azure Machine Learning
- Azure Service Connector
- Microsoft Bluetooth Driver
- Microsoft Defender for Endpoint
- Microsoft Dynamics
- Microsoft Dynamics 365 Customer Voice
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Message Queuing
- Microsoft Office
- Microsoft Office Publisher
- Microsoft Office SharePoint
- Microsoft Office Word
- Microsoft PostScript Printer Driver
- Microsoft Printer Drivers
- Microsoft WDAC OLE DB provider for SQL
- Microsoft Windows DNS
- Visual Studio
- Visual Studio Code
- Windows Active Directory
- Windows ALPC
- Windows Ancillary Function Driver for Winsock
- Windows Boot Manager
- Windows Clip Service
- Windows CNG Key Isolation Service
- Windows Common Log File System Driver
- Windows DHCP Server
- Windows Enroll Engine
- Windows Error Reporting
- Windows Group Policy
- Windows Internet Key Exchange (IKE) Protocol
- Windows Kerberos
- Windows Kernel
- Windows Layer 2 Tunneling Protocol
Product: Microsoft Windows
CVEs/Advisory: CVE-2023-21554, CVE-2023-21727, CVE-2023-21729, CVE-2023-21769, CVE-2023-24883, CVE-2023-24884, CVE-2023-24885, CVE-2023-24886, CVE-2023-24887, CVE-2023-24912, CVE-2023-24914, CVE-2023-24924, CVE-2023-24925, CVE-2023-24926, CVE-2023-24927, CVE-2023-24928, CVE-2023-24929, CVE-2023-24931, CVE-2023-28216, CVE-2023-28217, CVE-2023-28218, CVE-2023-28219, CVE-2023-28220, CVE-2023-28221, CVE-2023-28222, CVE-2023-28223, CVE-2023-28224, CVE-2023-28225, CVE-2023-28226, CVE-2023-28227, CVE-2023-28228, CVE-2023-28229, CVE-2023-28231, CVE-2023-28232, CVE-2023-28233, CVE-2023-28234, CVE-2023-28235, CVE-2023-28236, CVE-2023-28237, CVE-2023-28238, CVE-2023-28240, CVE-2023-28241, CVE-2023-28243, CVE-2023-28244, CVE-2023-28246, CVE-2023-28247, CVE-2023-28248, CVE-2023-28249, CVE-2023-28250, CVE-2023-28252, CVE-2023-28253, CVE-2023-28254, CVE-2023-28255, CVE-2023-28256, CVE-2023-28266, CVE-2023-28267, CVE-2023-28268, CVE-2023-28269, CVE-2023-28270, CVE-2023-28271, CVE-2023-28272, CVE-2023-28273, CVE-2023-28274, CVE-2023-28275, CVE-2023-28276, CVE-2023-28277, CVE-2023-28278, CVE-2023-28291, CVE-2023-28292, CVE-2023-28293, CVE-2023-28297, CVE-2023-28298, CVE-2023-28302, CVE-2023-28305, CVE-2023-28306, CVE-2023-28307, CVE-2023-28308
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
KBs: 5022282, 5022286, 5022287, 5022289, 5022291, 5022297, 5022303, 5022343, 5022346, 5022348, 5022352, 5025221, 5025224, 5025228, 5025229, 5025230, 5025234, 5025239, 5025272, 5025285, 5025287, 5025288
Product: Microsoft Dynamics
CVEs/Advisory: CVE-2023-28313, CVE-2023-28314, CVE-2023-28309
Impact: Spoofing
KBs: 5023894
Product: Visual Studio
CVEs/Advisory: CVE-2023-28260, CVE-2023-28262, CVE-2023-28263, CVE-2023-28296, CVE-2023-28299
Impact: Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing
Product: Microsoft Office
CVEs/Advisory: CVE-2023-28285, CVE-2023-28287, CVE-2023-28288, CVE-2023-28295, CVE-2023-28311
Impact: Remote Code Execution, Spoofing
KBs: 5002213, 5002221, 5002373, 5002375, 5002381, 5002383, 5002385
SanerNow VM and SanerNow PM detect and automatically fix these vulnerabilities by applying security updates. Use SanerNow and keep your systems updated and secure.