Microsoft April 2023 Security Updates Fixes 97 Vulnerabilities (7 Critical, 1 zero-day)

By / / Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / CLFS, CVE-2023-21554, CVE-2023-28219, CVE-2023-28220, CVE-2023-28231, CVE-2023-28232, CVE-2023-28250, CVE-2023-28252, CVE-2023-28291, Windows

The Microsoft April 2023 Security Updates includes patches and advisories for 97 vulnerabilities, including 7 Critical severity issues and one zero-day exploited in the wild.

A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.

Microsoft Products Affected

In all, the Microsoft monthly security updates fixes vulnerabilities in the following products, features and roles:

  • .NET Core
  • Azure Machine Learning
  • Azure Service Connector
  • Microsoft Bluetooth Driver
  • Microsoft Defender for Endpoint
  • Microsoft Dynamics
  • Microsoft Dynamics 365 Customer Voice
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Message Queuing
  • Microsoft Office
  • Microsoft Office Publisher
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft PostScript Printer Driver
  • Microsoft Printer Drivers
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows DNS
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory
  • Windows ALPC
  • Windows Ancillary Function Driver for WinSock
  • Windows Boot Manager
  • Windows Clip Service
  • Windows CNG Key Isolation Service
  • Windows Common Log File System Driver
  • Windows DHCP Server
  • Windows Enroll Engine
  • Windows Error Reporting
  • Windows Group Policy
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kerberos
  • Windows Kernel
  • Windows Layer 2 Tunneling Protocol
  • Windows Lock Screen
  • Windows Netlogon
  • Windows Network Address Translation (NAT)
  • Windows Network File System
  • Windows Network Load Balancing
  • Windows NTLM
  • Windows PGM
  • Windows Point-to-Point Protocol over Ethernet (PPPoE)
  • Windows Point-to-Point Tunneling Protocol
  • Windows Raw Image Extension
  • Windows RDP Client
  • Windows Registry
  • Windows RPC API
  • Windows Secure Boot
  • Windows Secure Channel
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows Transport Security Layer (TLS)
  • Windows Win32K

Readers can check out the April 2023 Security Updates and also download more vulnerability and patch details via Microsoft’s Security Update Guide.

Zero-day CVE

Microsoft patched one zero day Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability (CVE-2023-28252) on April 11, 2023 that was reported as exploited in the wild. CLFS is a general-purpose logging service that can be used by software clients running in user-mode or kernel-mode.

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CISA also added CVE-2023-28252 to its Known Exploited Vulnerabilities Catalog.

Microsoft has rated the issue as Important and is assigned a CVSS score of 7.8.

Critical RCEs

In addition, Microsoft patched the following seven (7) Critical Remote Code Execution (RCE) vulnerabilities (along with CVSS score) on April 11, 2023:

  1. CVE-2023-21554: Microsoft Message Queuing Remote Code Execution Vulnerability (CVSS 9.8)*
  2. CVE-2023-28219: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CVSS 8.1)*
  3. CVE-2023-28220: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CVSS 8.1)*
  4. CVE-2023-28231: DHCP Server Service Remote Code Execution Vulnerability (CVSS 8.8)*
  5. CVE-2023-28232: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability (CVSS 7.5)
  6. CVE-2023-28250: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVSS 9.8)
  7. CVE-2023-28291: Raw Image Extension Remote Code Execution Vulnerability (CVSS 8.4).

* Microsoft confirmed four of the Critical RCE vulnerabilities (CVE-2023-21554, CVE-2023-28219, CVE-2023-28220, CVE-2023-28231) were each likely of being exploited in the future, so should be prioritized for patching.

Other CVEs

Moreover, Microsoft addressed multiple other vulnerabilities in multiple products on April 11, 2023.

The patched issues rated Important in severity include Denial of Service (9), Elevation of Privilege (20), Information Disclosure (10), Remote Code Execution (38), Security Feature Bypass (7), and Spoofing (6) vulnerabilities.

The monthly update also covers 14 Moderate rated Chrome Edge patches released on March 24.

Related Articles