Microsoft April 2023 Patch Tuesday

Published: 2023-04-11. Last Updated: 2023-04-11 17:45:46 UTC
by Renato Marinho (Version: 1)

This month we got patches for 114 vulnerabilities. Of these, 7 are critical, and 1 is already being exploited, according to Microsoft.

The exploited vulnerability is an Elevation of Privilege affecting the Windows Common Log File System Driver (CVE-2023-28252). The advisory says that the vulnerability severity is important, the attack vector is local, and the attack complexity is low. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. As this vulnerability is being exploited, it is recommended that you apply the patch as soon as possible. The CVSS for this vulnerability is 7.8.

Among critical vulnerabilities, there is a Remote Code Execution (RCE) affecting Microsoft Message Queuing (MSMQ) (CVE-2023-21554). MSMQ technology enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline. To exploit this vulnerability, an attacker must send a specially crafted malicious MSMQ packet to an MSMQ server. This could result in remote code execution on the server side. The MSMQ service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. You can check to see if there is a service running named Message Queuing, and TCP port 1801 is listening on the machine. The CVSS for this vulnerability is 9.8.

There is also an RCE affecting DHCP Server Service (CVE-2023-28231). According to the advisory, an authenticated attacker could exploit this vulnerability by leveraging a specially crafted RPC call to the DHCP service. Successful exploitation of this vulnerability requires that an attacker first gain access to the restricted network before running an attack. The CVSS for this vulnerability is 8.8.

See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/.

April 2023 Security Updates

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
.NET DLL Hijacking Remote Code Execution Vulnerability
CVE-2023-28260	No	No	-	-	Important	7.8	7.0
Azure Machine Learning Information Disclosure Vulnerability
CVE-2023-28312	No	No	-	-	Important	6.5	5.7
Azure Service Connector Security Feature Bypass Vulnerability
CVE-2023-28300	No	No	-	-	Important	7.5	6.5
Chromium: CVE-2023-1810 Heap buffer overflow in Visuals
CVE-2023-1810	No	No	-	-	-
Chromium: CVE-2023-1811 Use after free in Frames
CVE-2023-1811	No	No	-	-	-
Chromium: CVE-2023-1812 Out of bounds memory access in DOM Bindings
CVE-2023-1812	No	No	-	-	-
Chromium: CVE-2023-1813 Inappropriate implementation in Extensions
CVE-2023-1813	No	No	-	-	-
Chromium: CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing
CVE-2023-1814	No	No	-	-	-
Chromium: CVE-2023-1815 Use after free in Networking APIs
CVE-2023-1815	No	No	-	-	-
Chromium: CVE-2023-1816 Incorrect security UI in Picture In Picture
CVE-2023-1816	No	No	-	-	-
Chromium: CVE-2023-1817 Insufficient policy enforcement in Intents
CVE-2023-1817	No	No	-	-	-
Chromium: CVE-2023-1818 Use after free in Vulkan
CVE-2023-1818	No	No	-	-	-
Chromium: CVE-2023-1819 Out of bounds read in Accessibility
CVE-2023-1819	No	No	-	-	-
Chromium: CVE-2023-1820 Heap buffer overflow in Browser History
CVE-2023-1820	No	No	-	-	-
Chromium: CVE-2023-1821 Inappropriate implementation in WebShare
CVE-2023-1821	No	No	-	-	-
Chromium: CVE-2023-1822 Incorrect security UI in Navigation
CVE-2023-1822	No	No	-	-	-
Chromium: CVE-2023-1823 Inappropriate implementation in FedCM
CVE-2023-1823	No	No	-	-	-
DHCP Server Service Remote Code Execution Vulnerability
CVE-2023-28231	No	No	-	-	Critical	8.8	7.7
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28219	No	No	Less Likely	More Likely	Critical	8.1	7.1
CVE-2023-28220	No	No	-	-	Critical	8.1	7.1
Microsoft Defender Denial of Service Vulnerability
CVE-2023-24860	No	No	-	-	Important	7.5	6.5
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-28309	No	No	-	-	Important	7.6	6.6
CVE-2023-28314	No	No	-	-	Important	6.1	5.3
Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability
CVE-2023-28313	No	No	-	-	Important	6.1	5.3
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVE-2023-28284	No	No	Less Likely	Less Likely	Moderate	4.3	3.8
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2023-24935	No	No	Less Likely	Less Likely	Low
Microsoft Edge (Chromium-based) Tampering Vulnerability
CVE-2023-28301	No	No	Less Likely	Less Likely	Low	4.2	3.7
Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-21769	No	No	-	-	Important	7.5	6.5
CVE-2023-28302	No	No	-	-	Important	7.5	6.5
Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-21554	No	No	-	-	Critical	9.8	8.5
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2023-23375	No	No	-	-	Important	7.8	7.0
CVE-2023-28304	No	No	-	-	Important	7.8	7.0
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2023-28285	No	No	-	-	Important	7.8	6.8
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24883	No	No	-	-	Important	6.5	5.7
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24924	No	No	-	-	Important	8.8	7.7
CVE-2023-24925	No	No	-	-	Important	8.8	7.7
CVE-2023-24884	No	No	-	-	Important	8.8	7.7
CVE-2023-24926	No	No	-	-	Important	8.8	7.7
CVE-2023-24885	No	No	-	-	Important	8.8	7.7
CVE-2023-24927	No	No	-	-	Important	8.8	7.7
CVE-2023-24886	No	No	-	-	Important	8.8	7.7
CVE-2023-24928	No	No	-	-	Important	8.8	7.7
CVE-2023-24887	No	No	-	-	Important	8.8	7.7
CVE-2023-24929	No	No	-	-	Important	8.8	7.7
CVE-2023-28243	No	No	-	-	Important	8.8	7.7
Microsoft Publisher Remote Code Execution Vulnerability
CVE-2023-28287	No	No	-	-	Important	7.8	6.8
CVE-2023-28295	No	No	-	-	Important	7.8	6.8
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-23384	No	No	-	-	Important	7.3	6.4
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-28288	No	No	-	-	Important	6.5	5.7
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-28275	No	No	-	-	Important	8.8	7.7
Microsoft Word Remote Code Execution Vulnerability
CVE-2023-28311	No	No	-	-	Important	7.8	6.8
Netlogon RPC Elevation of Privilege Vulnerability
CVE-2023-28268	No	No	-	-	Important	8.1	7.1
Raw Image Extension Remote Code Execution Vulnerability
CVE-2023-28291	No	No	-	-	Critical	8.4	7.3
CVE-2023-28292	No	No	-	-	Important	7.8	6.8
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2023-28267	No	No	-	-	Important	6.5	5.7
Remote Procedure Call Runtime Information Disclosure Vulnerability
CVE-2023-21729	No	No	Less Likely	Less Likely	Important	4.3	3.8
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-21727	No	No	Less Likely	Less Likely	Important	8.8	7.7
Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-24893	No	No	-	-	Important	7.8	6.8
Visual Studio Elevation of Privilege Vulnerability
CVE-2023-28262	No	No	-	-	Important	7.8	7.0
Visual Studio Information Disclosure Vulnerability
CVE-2023-28263	No	No	-	-	Important	5.5	5.0
Visual Studio Remote Code Execution Vulnerability
CVE-2023-28296	No	No	-	-	Important	8.4	7.6
Visual Studio Spoofing Vulnerability
CVE-2023-28299	No	No	-	-	Important	5.5	5.0
Win32k Elevation of Privilege Vulnerability
CVE-2023-24914	No	No	-	-	Important	7.0	6.1
Windows Domain Name Service Remote Code Execution Vulnerability
CVE-2023-28223	No	No	Less Likely	Less Likely	Important	6.6	5.8
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVE-2023-28216	No	No	-	-	Important	7.0	6.1
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2023-28218	No	No	Less Likely	More Likely	Important	7.0	6.1
Windows Bluetooth Driver Remote Code Execution Vulnerability
CVE-2023-28227	No	No	-	-	Important	7.5	6.5
Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2023-28269	No	No	-	-	Important	6.2	5.4
CVE-2023-28249	No	No	-	-	Important	6.2	5.4
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2023-28229	No	No	-	-	Important	7.0	6.1
Windows Clip Service Elevation of Privilege Vulnerability
CVE-2023-28273	No	No	-	-	Important	7.0	6.1
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-28252	No	Yes	-	-	Important	7.8	7.2
Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2023-28266	No	No	-	-	Important	5.5	4.8
Windows DNS Server Information Disclosure Vulnerability
CVE-2023-28277	No	No	Less Likely	Less Likely	Important	4.9	4.3
Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28305	No	No	-	-	Important	6.6	5.8
CVE-2023-28254	No	No	Less Likely	Less Likely	Important	7.2	6.3
CVE-2023-28255	No	No	Less Likely	Less Likely	Important	6.6	5.8
CVE-2023-28278	No	No	Less Likely	Less Likely	Important	6.6	5.8
CVE-2023-28256	No	No	Less Likely	Less Likely	Important	6.6	5.8
CVE-2023-28306	No	No	-	-	Important	6.6	5.8
CVE-2023-28307	No	No	-	-	Important	6.6	5.8
CVE-2023-28308	No	No	-	-	Important	6.6	5.8
Windows Enroll Engine Security Feature Bypass Vulnerability
CVE-2023-28226	No	No	-	-	Important	5.3	4.6
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-28221	No	No	-	-	Important	7.0	6.1
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-24912	No	No	-	-	Important	7.8	6.8
Windows Group Policy Security Feature Bypass Vulnerability
CVE-2023-28276	No	No	Less Likely	Less Likely	Important	4.4	3.9
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
CVE-2023-28238	No	No	-	-	Important	7.5	6.5
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2023-28244	No	No	-	-	Important	8.1	7.1
Windows Kernel Denial of Service Vulnerability
CVE-2023-28298	No	No	-	-	Important	5.5	4.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28222	No	No	-	-	Important	7.1	6.2
CVE-2023-28236	No	No	-	-	Important	7.8	6.8
CVE-2023-28248	No	No	-	-	Important	7.8	6.8
CVE-2023-28272	No	No	-	-	Important	7.8	6.8
CVE-2023-28293	No	No	-	-	Important	7.8	6.8
Windows Kernel Information Disclosure Vulnerability
CVE-2023-28253	No	No	-	-	Important	5.5	4.8
Windows Kernel Memory Information Disclosure Vulnerability
CVE-2023-28271	No	No	-	-	Important	5.5	4.8
Windows Kernel Remote Code Execution Vulnerability
CVE-2023-28237	No	No	-	-	Important	7.8	6.8
Windows Lock Screen Security Feature Bypass Vulnerability
CVE-2023-28235	No	No	-	-	Important	6.8	5.9
CVE-2023-28270	No	No	-	-	Important	6.8	5.9
Windows NTLM Elevation of Privilege Vulnerability
CVE-2023-28225	No	No	-	-	Important	7.8	6.8
Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2023-28217	No	No	More Likely	Less Likely	Important	7.5	6.5
Windows Network File System Information Disclosure Vulnerability
CVE-2023-28247	No	No	-	-	Important	7.5	6.5
Windows Network Load Balancing Remote Code Execution Vulnerability
CVE-2023-28240	No	No	-	-	Important	8.8	7.7
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
CVE-2023-28224	No	No	-	-	Important	7.1	6.2
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28232	No	No	-	-	Critical	7.5	6.5
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-28250	No	No	-	-	Critical	9.8	8.5
Windows Registry Elevation of Privilege Vulnerability
CVE-2023-28246	No	No	-	-	Important	7.8	6.8
Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
CVE-2023-28297	No	No	-	-	Important	8.8	7.7
Windows Secure Channel Denial of Service Vulnerability
CVE-2023-24931	No	No	-	-	Important	7.5	6.5
CVE-2023-28233	No	No	-	-	Important	7.5	6.5
CVE-2023-28234	No	No	-	-	Important	7.5	6.5
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
CVE-2023-28241	No	No	-	-	Important	7.5	6.5
Windows Spoofing Vulnerability
CVE-2023-28228	No	No	-	-	Important	5.5	4.8
Windows Win32k Elevation of Privilege Vulnerability
CVE-2023-28274	No	No	-	-	Important	7.8	7.0

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Keywords:

0 comment(s)

Internet Storm Center

Microsoft April 2023 Patch Tuesday

Comments