Today is Microsoft's April 2023 Patch Tuesday, and security updates fix one actively exploited zero-day vulnerability and a total of 97 flaws.
Seven vulnerabilities have been classified as 'Critical' for allowing remote code execution, the most serious of vulnerabilities.
The number of bugs in each vulnerability category is listed below:
- 20 Elevation of Privilege Vulnerabilities
- 8 Security Feature Bypass Vulnerabilities
- 45 Remote Code Execution Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 9 Denial of Service Vulnerabilities
- 6 Spoofing Vulnerabilities
This count does not include seventeen Microsoft Edge vulnerabilities fixed on April 6th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5025239 cumulative update and Windows 10 KB5025221 and KB5025229 updates.
One zero-day fixed
This month's Patch Tuesday fixes one zero-day vulnerability actively exploited in attacks.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The actively exploited zero-day vulnerability in today's updates is:
CVE-2023-28252 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft has fixed a privilege elevation vulnerability in the Windows CLFS driver that elevates privileges to SYSTEM, the highest user privilege level in Windows.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," reads Microsoft's advisory.
Microsoft says that the vulnerability was discovered by Genwei Jiang with Mandiant and Quan Jin with DBAPPSecurity WeBin Lab.
However, Kaspersky says they also discovered and reported the CVE-2023-28252 vulnerability to Microsoft after seeing it exploited in Nokoyawa ransomware attacks.
While not actively exploited, Microsoft Office, Word, and Publisher remote code execution vulnerabilities were fixed today that can be exploited simply by opening malicious documents.
These vulnerabilities are tracked as CVE-2023-28285, CVE-2023-28295, CVE-2023-28287, and CVE-2023-28311.
As these types of vulnerabilities are valuable in phishing campaigns, threat actors will likely attempt to discover how they can be exploited for use in malware distribution campaigns.
Therefore, it is strongly recommended that Microsoft Office users install today's security updates as soon as possible.
Recent updates from other companies
Other vendors who released updates in April 2023 include:
- Apple released a security updates to fix two actively exploited zero-days in iOS and macOS.
- Cisco released security updates for multiple products.
- Fortinet released security updates for multiple products.
- Google released the Android April 2023 and Google Chrome security updates.
- SAP has released its April 2023 Patch Day updates.
The April 2023 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the April 2023 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Core | CVE-2023-28260 | .NET DLL Hijacking Remote Code Execution Vulnerability | Important |
| Azure Machine Learning | CVE-2023-28312 | Azure Machine Learning Information Disclosure Vulnerability | Important |
| Azure Service Connector | CVE-2023-28300 | Azure Service Connector Security Feature Bypass Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2023-28227 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important |
| Microsoft Defender for Endpoint | CVE-2023-24860 | Microsoft Defender Denial of Service Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-28314 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2023-28309 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics 365 Customer Voice | CVE-2023-28313 | Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-28284 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2023-1823 | Chromium: CVE-2023-1823 Inappropriate implementation in FedCM | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-28301 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2023-1810 | Chromium: CVE-2023-1810 Heap buffer overflow in Visuals | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-24935 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2023-1819 | Chromium: CVE-2023-1819 Out of bounds read in Accessibility | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1818 | Chromium: CVE-2023-1818 Use after free in Vulkan | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1814 | Chromium: CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1821 | Chromium: CVE-2023-1821 Inappropriate implementation in WebShare | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1811 | Chromium: CVE-2023-1811 Use after free in Frames | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1820 | Chromium: CVE-2023-1820 Heap buffer overflow in Browser History | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1816 | Chromium: CVE-2023-1816 Incorrect security UI in Picture In Picture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1815 | Chromium: CVE-2023-1815 Use after free in Networking APIs | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1822 | Chromium: CVE-2023-1822 Incorrect security UI in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1813 | Chromium: CVE-2023-1813 Inappropriate implementation in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1812 | Chromium: CVE-2023-1812 Out of bounds memory access in DOM Bindings | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-1817 | Chromium: CVE-2023-1817 Insufficient policy enforcement in Intents | Unknown |
| Microsoft Graphics Component | CVE-2023-24912 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Message Queuing | CVE-2023-21769 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Microsoft Message Queuing | CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2023-28285 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office Publisher | CVE-2023-28295 | Microsoft Publisher Remote Code Execution Vulnerability | Important |
| Microsoft Office Publisher | CVE-2023-28287 | Microsoft Publisher Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-28288 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2023-28311 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft PostScript Printer Driver | CVE-2023-28243 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24883 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24927 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24925 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24924 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24885 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24928 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24884 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24926 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24929 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24887 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft Printer Drivers | CVE-2023-24886 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-28275 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28256 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28278 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28307 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28306 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28223 | Windows Domain Name Service Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28254 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28305 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28308 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28255 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2023-28277 | Windows DNS Server Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2023-23384 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2023-23375 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | Important |
| SQL Server | CVE-2023-28304 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2023-28299 | Visual Studio Spoofing Vulnerability | Important |
| Visual Studio | CVE-2023-28262 | Visual Studio Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2023-28263 | Visual Studio Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2023-28296 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2023-24893 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Active Directory | CVE-2023-28302 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
| Windows ALPC | CVE-2023-28236 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows ALPC | CVE-2023-28216 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2023-28218 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Boot Manager | CVE-2023-28269 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Boot Manager | CVE-2023-28249 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Windows Clip Service | CVE-2023-28273 | Windows Clip Service Elevation of Privilege Vulnerability | Important |
| Windows CNG Key Isolation Service | CVE-2023-28229 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-28266 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows DHCP Server | CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability | Critical |
| Windows Enroll Engine | CVE-2023-28226 | Windows Enroll Engine Security Feature Bypass Vulnerability | Important |
| Windows Error Reporting | CVE-2023-28221 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
| Windows Group Policy | CVE-2023-28276 | Windows Group Policy Security Feature Bypass Vulnerability | Important |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2023-28238 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | Important |
| Windows Kerberos | CVE-2023-28244 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28271 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2023-28248 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28222 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28272 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28293 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2023-28253 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2023-28237 | Windows Kernel Remote Code Execution Vulnerability | Important |
| Windows Kernel | CVE-2023-28298 | Windows Kernel Denial of Service Vulnerability | Important |
| Windows Layer 2 Tunneling Protocol | CVE-2023-28219 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Layer 2 Tunneling Protocol | CVE-2023-28220 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Lock Screen | CVE-2023-28270 | Windows Lock Screen Security Feature Bypass Vulnerability | Important |
| Windows Lock Screen | CVE-2023-28235 | Windows Lock Screen Security Feature Bypass Vulnerability | Important |
| Windows Netlogon | CVE-2023-28268 | Netlogon RPC Elevation of Privilege Vulnerability | Important |
| Windows Network Address Translation (NAT) | CVE-2023-28217 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
| Windows Network File System | CVE-2023-28247 | Windows Network File System Information Disclosure Vulnerability | Important |
| Windows Network Load Balancing | CVE-2023-28240 | Windows Network Load Balancing Remote Code Execution Vulnerability | Important |
| Windows NTLM | CVE-2023-28225 | Windows NTLM Elevation of Privilege Vulnerability | Important |
| Windows PGM | CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-28224 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
| Windows Point-to-Point Tunneling Protocol | CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| Windows Raw Image Extension | CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
| Windows Raw Image Extension | CVE-2023-28292 | Raw Image Extension Remote Code Execution Vulnerability | Important |
| Windows RDP Client | CVE-2023-28228 | Windows Spoofing Vulnerability | Important |
| Windows RDP Client | CVE-2023-28267 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
| Windows Registry | CVE-2023-28246 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows RPC API | CVE-2023-21729 | Remote Procedure Call Runtime Information Disclosure Vulnerability | Important |
| Windows RPC API | CVE-2023-21727 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| Windows RPC API | CVE-2023-28297 | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability | Important |
| Windows Secure Channel | CVE-2023-24931 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Secure Channel | CVE-2023-28233 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-28241 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important |
| Windows Transport Security Layer (TLS) | CVE-2023-28234 | Windows Secure Channel Denial of Service Vulnerability | Important |
| Windows Win32K | CVE-2023-28274 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2023-24914 | Win32k Elevation of Privilege Vulnerability | Important |
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now