Breaking Down the Latest April 2023 Patch Tuesday Report

27Jun 2023 by Ernest Haberli Jr. No Comments

Microsoft releases security updates every month to address vulnerabilities in its software products. These updates are critical to ensuring the security of computer systems and networks. The April 2023 Patch Tuesday Report is important as it fixes various security vulnerabilities discovered in Microsoft’s software products. 

This blog will provide an overview of the latest April 2023 Patch Tuesday report, highlighting the significant vulnerabilities and their severity levels.

Microsoft Patch Tuesday April 2023 Report Summary

Microsoft released the April 2023 Patch Tuesday. Let’s see the summary of the report:

  • The update addresses 114 vulnerabilities, 7 are classified as critical, and 90 are classified as important.
  • The April 2023 update includes fixes for one zero-day vulnerabilities, which are exploited in the wild.
  • All 9 Critical vulnerabilities are Remote Code Execution vulnerabilities. 
  • The products covered in the April security update include Microsoft Office and Components, Microsoft Dynamics 365 Customer Voice, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Windows Kernel, Windows Layer 2 Tunneling Protocol, Windows Lock Screen, Windows Netlogon, Windows Secure Socket Tunneling Protocol (SSTP), Windows Transport Security Layer (TLS), Windows Win32K, and more.

Vulnerabilities by Category

The April 2023 Microsoft vulnerabilities are classified as follows: 

Vulnerability Type  Quantity  Severities 
Spoofing Vulnerability 6 Important: 3
Denial of Service Vulnerability 9 Important: 9
Elevation of Privilege Vulnerability 20 Important: 20
Information Disclosure Vulnerability 10 Important: 9
Remote Code Execution Vulnerability 45 Important: 38 Critical: 7
Security Feature Bypass Vulnerability 8 Important: 7
Microsoft Edge (Chromium-based) 15  

The list of 114 vulnerabilities has been classified into six different categories. Remote Code Execution (RCE) vulnerability has been identified as the most common, while Security Feature Bypass Vulnerability is the least frequent. The data presented in the table reveals that RCE vulnerability has occurred 45 times, with 7 of them categorized as Critical and the remaining 38 as Important in terms of severity. Please refer to the table above for a comprehensive view of the vulnerabilities based on their categories. 

List of Zero-Day Vulnerabilities Patched in April 2023 Patch Tuesday

Zero-day vulnerabilities are particularly dangerous as they give developers no time to create patches before attackers can exploit them. These vulnerabilities are especially concerning as they can be exploited before patches are released. Microsoft recently addressed one zero-day vulnerability that attackers were already exploiting.

CVE ID Vulnerable Product/Application Vulnerability Type
CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege

Windows Common Log File System Driver Elevation of Privilege Vulnerability- CVE-2023-28252

Attackers can exploit CVE-2023-28252 in a low-complexity attack. A successful exploit of the flaw grants the attacker full SYSTEM privileges, and cyber criminals are currently using it to spread Nokoyawa Ransomware. 

Although the threat actors behind this attack have not been identified, the ransomware is already affecting organizations in various world regions, including South and North America, Asia, and the Middle East. 

 

See Also How to Patch These Two RCE Vulnerabilities in WhatsApp

The Cybersecurity and Infrastructure Security Agency (CISA) has also added this vulnerability to its Known Exploitable Vulnerabilities Catalog, indicating the severity of the issue.

List of Critical Vulnerabilities Patched in April 2023 Patch Tuesday

The list of all 7 critical vulnerabilities patched in April 2023 Patch Tuesday are as follows: 

CVE ID  Vulnerable Product/Application Vulnerability Type
CVE-2023-21554 Microsoft Message Queuing Remote Code Execution Vulnerability 
CVE-2023-28219  Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28220 Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28231 Windows DHCP Server Remote Code Execution Vulnerability
CVE-2023-28232 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28250 Windows PGM Remote Code Execution Vulnerability
CVE-2023-28291 Windows Raw Image Extension Remote Code Execution Vulnerability

Complete List of Vulnerabilities Patched in April 2023 Patch Tuesday Are:

If you want to download the complete list of vulnerabilities patched in April 2023 Patch Tuesday, you can do it from here. 

CVE ID  Severity  CVE Title  Tag 
CVE-2023-28260 Important .NET DLL Hijacking Remote Code Execution Vulnerability .NET Core
CVE-2023-28312 Important Azure Machine Learning Information Disclosure Vulnerability Azure Machine Learning
CVE-2023-28300 Important Azure Machine Learning Information Disclosure Vulnerability Azure Service Connector
CVE-2023-28227 Important Windows Bluetooth Driver Remote Code Execution Vulnerability Microsoft Bluetooth Driver
CVE-2023-24860 Important Microsoft Defender Denial of Service Vulnerability Microsoft Defender for Endpoint
CVE-2023-28314 Important Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics
CVE-2023-28309 Important Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics
CVE-2023-28313 Important Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability Microsoft Dynamics 365 Customer Voice
CVE-2023-28284 Moderate Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Microsoft Edge (Chromium-based)
CVE-2023-1823 Unknown Chromium: CVE-2023-1823 Inappropriate implementation in FedCM Microsoft Edge (Chromium-based)
CVE-2023-28301 Low Microsoft Edge (Chromium-based) Tampering Vulnerability Microsoft Edge (Chromium-based)
CVE-2023-1810 Unknown Chromium: CVE-2023-1810 Heap buffer overflow in Visuals Microsoft Edge (Chromium-based)
CVE-2023-24935 Low  Microsoft Edge (Chromium-based) Spoofing Vulnerability Microsoft Edge (Chromium-based)
CVE-2023-1819 Unknown Chromium: CVE-2023-1819 Out of bounds read in Accessibility Microsoft Edge (Chromium-based)
CVE-2023-1818 Unknown Chromium: CVE-2023-1818 Use after free in Vulkan Microsoft Edge (Chromium-based)
CVE-2023-1814 Unknown Chromium: CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing Microsoft Edge (Chromium-based)
CVE-2023-1821 Unknown Chromium: CVE-2023-1821 Inappropriate implementation in WebShare Microsoft Edge (Chromium-based)
CVE-2023-1811 Unknown Chromium: CVE-2023-1811 Use after free in Frames Microsoft Edge (Chromium-based)
CVE-2023-1820 Unknown Chromium: CVE-2023-1820 Heap buffer overflow in Browser History Microsoft Edge (Chromium-based)
CVE-2023-1816 Unknown Chromium: CVE-2023-1816 Incorrect security UI in Picture In Picture Microsoft Edge (Chromium-based)
CVE-2023-1815 Unknown Chromium: CVE-2023-1815 Use after free in Networking APIs Microsoft Edge (Chromium-based)
CVE-2023-1822 Unknown Chromium: CVE-2023-1822 Incorrect security UI in Navigation Microsoft Edge (Chromium-based)
CVE-2023-1813 Unknown Chromium: CVE-2023-1813 Inappropriate implementation in Extensions Microsoft Edge (Chromium-based)
CVE-2023-1812 Unknown Chromium: CVE-2023-1812 Out of bounds memory access in DOM Bindings Microsoft Edge (Chromium-based)
CVE-2023-1817 Unknown Chromium: CVE-2023-1817 Insufficient policy enforcement in Intents Microsoft Edge (Chromium-based)
CVE-2023-24912 Important Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component
CVE-2023-21769 Important Microsoft Message Queuing Denial of Service Vulnerability Microsoft Message Queuing
CVE-2023-21554 Critical  Microsoft Message Queuing Remote Code Execution Vulnerability Microsoft Message Queuing
CVE-2023-28285 Important Microsoft Office Graphics Remote Code Execution Vulnerability Microsoft Office
CVE-2023-28295 Important Microsoft Publisher Remote Code Execution Vulnerability Microsoft Office Publisher
CVE-2023-28287 Important Microsoft Publisher Remote Code Execution Vulnerability Microsoft Office Publisher
CVE-2023-28288 Important Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint
CVE-2023-28311 Important Microsoft Word Remote Code Execution Vulnerability Microsoft Office Word
CVE-2023-28243 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft PostScript Printer Driver
CVE-2023-24883 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-24927 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-24925 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-24924 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-24885 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-24928 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-24884 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-24926 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-24929 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-24887 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-24886 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers
CVE-2023-28275 Important Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL
CVE-2023-28256 Important Windows DNS Server Remote Code Execution Vulnerability Microsoft Windows DNS
CVE-2023-28278 Important Windows DNS Server Remote Code Execution Vulnerability Microsoft Windows DNS
CVE-2023-28307 Important Windows DNS Server Remote Code Execution Vulnerability Microsoft Windows DNS
CVE-2023-28306 Important Windows DNS Server Remote Code Execution Vulnerability Microsoft Windows DNS
CVE-2023-28223 Important Windows Domain Name Service Remote Code Execution Vulnerability Microsoft Windows DNS
CVE-2023-28254 Important Windows DNS Server Remote Code Execution Vulnerability Microsoft Windows DNS
CVE-2023-28305 Important Windows DNS Server Remote Code Execution Vulnerability Microsoft Windows DNS
CVE-2023-28308 Important Windows DNS Server Remote Code Execution Vulnerability Microsoft Windows DNS
CVE-2023-28255 Important Windows DNS Server Remote Code Execution Vulnerability Microsoft Windows DNS
CVE-2023-28277 Important Windows DNS Server Remote Code Execution Vulnerability Microsoft Windows DNS
CVE-2023-23384 Important Windows DNS Server Remote Code Execution Vulnerability SQL Server
CVE-2023-23375 Important Microsoft SQL Server Remote Code Execution Vulnerability SQL Server
CVE-2023-28304 Important Microsoft ODBC and OLE DB Remote Code Execution Vulnerability SQL Server
CVE-2023-28299 Important Microsoft ODBC and OLE DB Remote Code Execution Vulnerability Visual Studio
CVE-2023-28262 Important Visual Studio Spoofing Vulnerability Visual Studio
CVE-2023-28263 Important Visual Studio Elevation of Privilege Vulnerability Visual Studio
CVE-2023-28296 Important Visual Studio Elevation of Privilege Vulnerability Visual Studio
CVE-2023-24893 Important Visual Studio Elevation of Privilege Vulnerability Visual Studio Code 
CVE-2023-28302 Important Visual Studio Code Remote Code Execution Vulnerability Windows Active Directory
CVE-2023-28236 Important Microsoft Message Queuing Denial of Service Vulnerability Windows ALPC
CVE-2023-28216 Important Windows Kernel Elevation of Privilege Vulnerability Windows ALPC
CVE-2023-28218 Important Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock
CVE-2023-28269 Important Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Boot Manager
CVE-2023-28249 Important Windows Boot Manager Security Feature Bypass Vulnerability Windows Boot Manager
CVE-2023-28273 Important Windows Boot Manager Security Feature Bypass Vulnerability Windows Clip Service
CVE-2023-28229 Important Windows Clip Service Elevation of Privilege Vulnerability Windows CNG Key Isolation Service
CVE-2023-28266 Important Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Windows Common Log File System Driver
CVE-2023-28252 Important Windows Common Log File System Driver Information Disclosure Vulnerability Windows Common Log File System Driver
CVE-2023-28231 Critical  Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows DHCP Server
CVE-2023-28226 Important DHCP Server Service Remote Code Execution Vulnerability Windows Enroll Engine
CVE-2023-28221 Important Windows Enroll Engine Security Feature Bypass Vulnerability Windows Error Reporting
CVE-2023-28276 Important Windows Error Reporting Service Elevation of Privilege Vulnerability Windows Group Policy
CVE-2023-28238 Important Windows Group Policy Security Feature Bypass Vulnerability Windows Internet Key Exchange (IKE) Protocol
CVE-2023-28244 Important Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability Windows Kerberos
CVE-2023-28271 Important Windows Kerberos Elevation of Privilege Vulnerability Windows Kernel
CVE-2023-28248 Important Windows Kernel Memory Information Disclosure Vulnerability Windows Kernel
CVE-2023-28222 Important Windows Kernel Elevation of Privilege Vulnerability Windows Kernel
CVE-2023-28272 Important Windows Kernel Elevation of Privilege Vulnerability Windows Kernel
CVE-2023-28293 Important Windows Kernel Elevation of Privilege Vulnerability Windows Kernel
CVE-2023-28253 Important Windows Kernel Elevation of Privilege Vulnerability Windows Kernel
CVE-2023-28237 Important Windows Kernel Remote Code Execution Vulnerability Windows Kernel
CVE-2023-28298 Important Windows Kernel Denial of Service Vulnerability Windows Kernel
CVE-2023-28219 Critical  Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol
CVE-2023-28220 Critical  Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol
CVE-2023-28270 Important Windows Lock Screen Security Feature Bypass Vulnerability Windows Lock Screen
CVE-2023-28235 Important Windows Lock Screen Security Feature Bypass Vulnerability Windows Lock Screen
CVE-2023-28268 Important Netlogon RPC Elevation of Privilege Vulnerability Windows Netlogon
CVE-2023-28217 Important Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Network Address Translation (NAT)
CVE-2023-28247 Important Windows Network File System Information Disclosure Vulnerability Windows Network File System
CVE-2023-28240 Important Windows Network Load Balancing Remote Code Execution Vulnerability Windows Network Load Balancing
CVE-2023-28225 Important Windows NTLM Elevation of Privilege Vulnerability Windows NTLM
CVE-2023-28250 Critical  Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Windows PGM
CVE-2023-28224 Important  Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability Windows Point-to-Point Protocol over Ethernet (PPPoE)
CVE-2023-28232 Critical  Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Windows Point-to-Point Tunneling Protocol
CVE-2023-28291 Critical  Raw Image Extension Remote Code Execution Vulnerability Windows Raw Image Extension
CVE-2023-28292 Important Raw Image Extension Remote Code Execution Vulnerability Windows Raw Image Extension
CVE-2023-28228 Important Windows Spoofing Vulnerability Windows RDP Client
CVE-2023-28267 Important Remote Desktop Protocol Client Information Disclosure Vulnerability Windows RDP Client
CVE-2023-28246 Important Windows Registry Elevation of Privilege Vulnerability Windows Registry
CVE-2023-21729 Important Remote Procedure Call Runtime Information Disclosure Vulnerability Windows RPC API
CVE-2023-21727 Important Remote Procedure Call Runtime Remote Code Execution Vulnerability Windows RPC API
CVE-2023-28297 Important Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability Windows RPC API
CVE-2023-24931 Important Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel
CVE-2023-28233 Important Windows Secure Channel Denial of Service Vulnerability Windows Secure Channel
CVE-2023-28241 Important Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability Windows Secure Socket Tunneling Protocol (SSTP)
CVE-2023-28234 Important Windows Secure Channel Denial of Service Vulnerability Windows Transport Security Layer (TLS)
CVE-2023-28274 Important Windows Win32k Elevation of Privilege Vulnerability Windows Win32K
CVE-2023-24914 Important Win32k Elevation of Privilege Vulnerability Windows Win32K

We hope this blog post has helped you understand the April 2023 Patch Tuesday release from Microsoft that addresses several important updates for Microsoft products, including Windows, Office, and Exchange Server. This monthly security update is essential for addressing various security vulnerabilities and enhancing the overall security of systems. 

 

You should prioritize applying the patches as soon as possible to mitigate the potential risks associated with these vulnerabilities. By staying up-to-date with the latest security patches and implementing proactive security measures, you can better protect your systems against potential cyber threats and ensure the safety and integrity of the systems and data.

Leave a Reply

Your email address will not be published. Required fields are marked *