Today is Microsoft’s April 2023 Patch Tuesday, and security updates fix one actively exploited zero-day vulnerability and a total of 97 flaws.
Seven vulnerabilities have been classified as ‘Critical’ for allowing remote code execution, the most serious of vulnerabilities.
This count does not include seventeen Microsoft Edge vulnerabilities fixed on April 6th.
This month’s Patch Tuesday fixes one zero-day vulnerability actively exploited in attacks.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
CVE-2023-28252 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft has fixed a privilege elevation vulnerability in the Windows CLFS driver that lets an attacker elevate privileges to SYSTEM, the highest user privilege level in Windows.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” reads Microsoft’s advisory.
Microsoft says that the vulnerability was discovered by Genwei Jiang with Mandiant and Quan Jin with DBAPPSecurity WeBin Lab.
Although they are not actively exploited, remote code execution vulnerabilities in Microsoft Office, Word, and Publisher were also fixed today; they can be exploited simply by opening malicious documents.
As these types of vulnerabilities are valuable in phishing campaigns, threat actors will likely attempt to discover how they can be exploited for use in malware distribution campaigns.
Therefore, it is strongly recommended that Microsoft Office users install today’s security updates as soon as possible.
Below is the complete list of resolved vulnerabilities in the April 2023 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity
---|---|---|---
.NET Core | CVE-2023-28260 | .NET DLL Hijacking Remote Code Execution Vulnerability | Important |
Azure Machine Learning | CVE-2023-28312 | Azure Machine Learning Information Disclosure Vulnerability | Important |
Azure Service Connector | CVE-2023-28300 | Azure Service Connector Security Feature Bypass Vulnerability | Important |
Microsoft Bluetooth Driver | CVE-2023-28227 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important |
Microsoft Defender for Endpoint | CVE-2023-24860 | Microsoft Defender Denial of Service Vulnerability | Important |
Microsoft Dynamics | CVE-2023-28314 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-28309 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics 365 Customer Voice | CVE-2023-28313 | Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2023-28284 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate |
Microsoft Edge (Chromium-based) | CVE-2023-1823 | Chromium: CVE-2023-1823 Inappropriate implementation in FedCM | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-28301 | Microsoft Edge (Chromium-based) Tampering Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2023-1810 | Chromium: CVE-2023-1810 Heap buffer overflow in Visuals | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-24935 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2023-1819 | Chromium: CVE-2023-1819 Out of bounds read in Accessibility | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1818 | Chromium: CVE-2023-1818 Use after free in Vulkan | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1814 | Chromium: CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1821 | Chromium: CVE-2023-1821 Inappropriate implementation in WebShare | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1811 | Chromium: CVE-2023-1811 Use after free in Frames | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1820 | Chromium: CVE-2023-1820 Heap buffer overflow in Browser History | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1816 | Chromium: CVE-2023-1816 Incorrect security UI in Picture In Picture | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1815 | Chromium: CVE-2023-1815 Use after free in Networking APIs | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1822 | Chromium: CVE-2023-1822 Incorrect security UI in Navigation | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1813 | Chromium: CVE-2023-1813 Inappropriate implementation in Extensions | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1812 | Chromium: CVE-2023-1812 Out of bounds memory access in DOM Bindings | Unknown |
Microsoft Edge (Chromium-based) | CVE-2023-1817 | Chromium: CVE-2023-1817 Insufficient policy enforcement in Intents | Unknown |
Microsoft Graphics Component | CVE-2023-24912 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Message Queuing | CVE-2023-21769 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Microsoft Message Queuing | CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2023-28285 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
Microsoft Office Publisher | CVE-2023-28295 | Microsoft Publisher Remote Code Execution Vulnerability | Important |
Microsoft Office Publisher | CVE-2023-28287 | Microsoft Publisher Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2023-28288 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft Office Word | CVE-2023-28311 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft PostScript Printer Driver | CVE-2023-28243 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24883 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24927 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24925 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24924 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24885 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24928 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24884 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24926 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24929 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24887 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-24886 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-28275 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-28256 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-28278 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-28307 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-28306 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-28223 | Windows Domain Name Service Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-28254 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-28305 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-28308 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-28255 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Microsoft Windows DNS | CVE-2023-28277 | Windows DNS Server Information Disclosure Vulnerability | Important |
SQL Server | CVE-2023-23384 | Microsoft SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-23375 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-28304 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2023-28299 | Visual Studio Spoofing Vulnerability | Important |
Visual Studio | CVE-2023-28262 | Visual Studio Elevation of Privilege Vulnerability | Important |
Visual Studio | CVE-2023-28263 | Visual Studio Information Disclosure Vulnerability | Important |
Visual Studio | CVE-2023-28296 | Visual Studio Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2023-24893 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Windows Active Directory | CVE-2023-28302 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows ALPC | CVE-2023-28236 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows ALPC | CVE-2023-28216 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2023-28218 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows Boot Manager | CVE-2023-28269 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
Windows Boot Manager | CVE-2023-28249 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
Windows Clip Service | CVE-2023-28273 | Windows Clip Service Elevation of Privilege Vulnerability | Important |
Windows CNG Key Isolation Service | CVE-2023-28229 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-28266 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows DHCP Server | CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability | Critical |
Windows Enroll Engine | CVE-2023-28226 | Windows Enroll Engine Security Feature Bypass Vulnerability | Important |
Windows Error Reporting | CVE-2023-28221 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
Windows Group Policy | CVE-2023-28276 | Windows Group Policy Security Feature Bypass Vulnerability | Important |
Windows Internet Key Exchange (IKE) Protocol | CVE-2023-28238 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | Important |
Windows Kerberos | CVE-2023-28244 | Windows Kerberos Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-28271 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2023-28248 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-28222 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-28272 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-28293 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-28253 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2023-28237 | Windows Kernel Remote Code Execution Vulnerability | Important |
Windows Kernel | CVE-2023-28298 | Windows Kernel Denial of Service Vulnerability | Important |
Windows Layer 2 Tunneling Protocol | CVE-2023-28219 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-28220 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Lock Screen | CVE-2023-28270 | Windows Lock Screen Security Feature Bypass Vulnerability | Important |
Windows Lock Screen | CVE-2023-28235 | Windows Lock Screen Security Feature Bypass Vulnerability | Important |
Windows Netlogon | CVE-2023-28268 | Netlogon RPC Elevation of Privilege Vulnerability | Important |
Windows Network Address Translation (NAT) | CVE-2023-28217 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Important |
Windows Network File System | CVE-2023-28247 | Windows Network File System Information Disclosure Vulnerability | Important |
Windows Network Load Balancing | CVE-2023-28240 | Windows Network Load Balancing Remote Code Execution Vulnerability | Important |
Windows NTLM | CVE-2023-28225 | Windows NTLM Elevation of Privilege Vulnerability | Important |
Windows PGM | CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
Windows Point-to-Point Protocol over Ethernet (PPPoE) | CVE-2023-28224 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
Windows Point-to-Point Tunneling Protocol | CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Raw Image Extension | CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
Windows Raw Image Extension | CVE-2023-28292 | Raw Image Extension Remote Code Execution Vulnerability | Important |
Windows RDP Client | CVE-2023-28228 | Windows Spoofing Vulnerability | Important |
Windows RDP Client | CVE-2023-28267 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
Windows Registry | CVE-2023-28246 | Windows Registry Elevation of Privilege Vulnerability | Important |
Windows RPC API | CVE-2023-21729 | Remote Procedure Call Runtime Information Disclosure Vulnerability | Important |
Windows RPC API | CVE-2023-21727 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows RPC API | CVE-2023-28297 | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability | Important |
Windows Secure Channel | CVE-2023-24931 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows Secure Channel | CVE-2023-28233 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-28241 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | Important |
Windows Transport Security Layer (TLS) | CVE-2023-28234 | Windows Secure Channel Denial of Service Vulnerability | Important |
Windows Win32K | CVE-2023-28274 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-24914 | Win32k Elevation of Privilege Vulnerability | Important |