Microsoft April fixes 97 vulnerabilities
1. EXECUTIVE SUMMARY
In its April 2023 Patch Tuesday update, Microsoft reported 97 security fixes. Of the total number of vulnerabilities, 7 are classified as critical and correspond to remote code execution (RCE) and 90 are classified as important.
Additionally, there are 17 vulnerabilities associated with Chromium that are not included in the figures above.
The vulnerabilities are as follows:
- 45 Remote Code Execution (RCE) vulnerabilities
- 20 Elevation of Privilege vulnerabilities
- 10 Information Disclosure vulnerabilities
- 9 Denial of Service (DoS) vulnerabilities
- 7 Security Feature Bypass vulnerabilities
- 6 Spoofing vulnerabilities
2. PRIORITY VULNERABILITIES
CVE-2023-28250 [CVSSv3.1: 8.5]
Remote code execution vulnerability in Windows Pragmatic General Multicast (PGM). This vulnerability corresponds to a critical RCE in the Pragmatic General Multicast protocol installed with the MSMQ service. It allows attackers to trigger the Windows message queuing service, which could allow them to send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.
CVE-2023-28231 [CVSSv3.1: 7.7]
Remote code execution vulnerability in DHCP Server Service.
This vulnerability affects an unknown function of the DHCP Server Service component. The exact effects of a successful attack are not known.
CVE-2023-28232 [CVSSv3.1: 6.5]
Remote code execution vulnerability in the Windows Point-to-Point Tunneling Protocol. This vulnerability affects unknown code in the Point-to-Point Tunneling Protocol component. Confidentiality, Integrity and Availability (CID or CIA) are affected.
CVE-2023-21554, CVE-2023-28291 [CVSSv3.1: 7.3]
Remote code execution vulnerability in the raw image extension. Corresponds to a critical remote code execution (RCE) vulnerability in the Microsoft Message Queuing service (an optional Windows component available on all Windows operating systems). It can be triggered by a specially crafted malicious MSMQ packet sent to an MSMQ server.
CVE-2023-28219, CVE-2023-28220 [CVSSv3.1: 7.1]
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability.
The vulnerability exists due to a race condition in the Layer 2 Tunneling Protocol. A remote attacker can exploit the race condition and execute arbitrary code on the target system.
3. DAY 0 VULNERABILITY
CVE-2023-28252 [CVSSv3.1: 7.8]
Windows Common Log File System driver elevation of privilege vulnerability. This vulnerability in the Windows Common Log File System (CLFS) allows attackers to gain SYSTEM privileges on target machines.
This is the second zero-day vulnerability in CLFS; the first, CVE-2023-23376, was patched in February 2023.
This vulnerability is already known to have an exploit actively used by the Nokoyawa Ransomware group.
4. MITIGATION
Install the manufacturer's updates, obtained from the vendor's official channels, after analyzing the impact they could have on your organization's business-critical services.
To do so, please consult with your technical staff or corresponding resolution areas.
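Because Message Queuing is described above as an optional Windows component, hosts where it is installed and reachable are the ones to patch first. The following PowerShell check is an added example, not part of the original advisory; it assumes the service name `MSMQ` and the default MSMQ listener on TCP port 1801, neither of which is stated in the advisory, and `Get-MsmqExposure` is a hypothetical helper name.

```powershell
# Added example: local exposure check for the Message Queuing (MSMQ) service.
# Assumptions (not from the advisory): service name 'MSMQ', default TCP port 1801.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # assumed default MSMQ listener port
    )

    # The service only exists if the optional component has been installed.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # TCP sockets in the Listen state on the MSMQ port, if any.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)

    # A listener bound to anything other than loopback is reachable from the network.
    $networkBound = @($listeners | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' })

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Installed      = [bool]$svc
        ServiceStatus  = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        StartType      = if ($svc) { [string]$svc.StartType } else { $null }
        Listening      = $listeners.Count -gt 0
        BoundAddresses = ($networkBound.LocalAddress | Sort-Object -Unique) -join ', '
        # Installed and listening on a network-facing address: patch or disable first.
        NeedsReview    = [bool]$svc -and ($networkBound.Count -gt 0)
    }
}

Get-MsmqExposure | Format-List
```

A host reporting `Installed = False` does not have the optional component; one reporting `NeedsReview = True` should be moved to the front of the update queue or have the service disabled if it is not needed.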
5. CVE
- CVE-2023-1810
- CVE-2023-1811
- CVE-2023-1812
- CVE-2023-1813
- CVE-2023-1814
- CVE-2023-1815
- CVE-2023-1816
- CVE-2023-1817
- CVE-2023-1818
- CVE-2023-1819
- CVE-2023-1820
- CVE-2023-1821
- CVE-2023-1822
- CVE-2023-1823
- CVE-2023-21554
- CVE-2023-21727
- CVE-2023-21729
- CVE-2023-21769
- CVE-2023-23375
- CVE-2023-23384
- CVE-2023-24860
- CVE-2023-24883
- CVE-2023-24884
- CVE-2023-24885
- CVE-2023-24886
- CVE-2023-24887
- CVE-2023-24893
- CVE-2023-24912
- CVE-2023-24914
- CVE-2023-24924
- CVE-2023-24925
- CVE-2023-24926
- CVE-2023-24927
- CVE-2023-24928
- CVE-2023-24929
- CVE-2023-24931
- CVE-2023-24935
- CVE-2023-28216
- CVE-2023-28217
- CVE-2023-28218
- CVE-2023-28219
- CVE-2023-28220
- CVE-2023-28221
- CVE-2023-28222
- CVE-2023-28223
- CVE-2023-28224
- CVE-2023-28225
- CVE-2023-28226
- CVE-2023-28227
- CVE-2023-28228
- CVE-2023-28229
- CVE-2023-28231
- CVE-2023-28232
- CVE-2023-28233
- CVE-2023-28234
- CVE-2023-28235
- CVE-2023-28236
- CVE-2023-28237
- CVE-2023-28238
- CVE-2023-28240
- CVE-2023-28241
- CVE-2023-28243
- CVE-2023-28244
- CVE-2023-28246
- CVE-2023-28247
- CVE-2023-28248
- CVE-2023-28249
- CVE-2023-28250
- CVE-2023-28252
- CVE-2023-28253
- CVE-2023-28254
- CVE-2023-28255
- CVE-2023-28256
- CVE-2023-28260
- CVE-2023-28262
- CVE-2023-28263
- CVE-2023-28266
- CVE-2023-28267
- CVE-2023-28268
- CVE-2023-28269
- CVE-2023-28270
- CVE-2023-28271
- CVE-2023-28272
- CVE-2023-28273
- CVE-2023-28274
- CVE-2023-28275
- CVE-2023-28276
- CVE-2023-28277
- CVE-2023-28278
- CVE-2023-28284
- CVE-2023-28285
- CVE-2023-28287
- CVE-2023-28288
- CVE-2023-28291
- CVE-2023-28292
- CVE-2023-28293
- CVE-2023-28295
- CVE-2023-28296
- CVE-2023-28297
- CVE-2023-28298
- CVE-2023-28299
- CVE-2023-28300
- CVE-2023-28301
- CVE-2023-28302
- CVE-2023-28304
- CVE-2023-28305
- CVE-2023-28306
- CVE-2023-28307
- CVE-2023-28308
- CVE-2023-28309
- CVE-2023-28311
- CVE-2023-28312
- CVE-2023-28313
- CVE-2023-28314
6. Affected Products
Microsoft Publisher 2016 32-bit edition | All versions |
Microsoft Office LTSC for Mac 202 | All versions |
Microsoft Visual Studio 2022 | Version 17.0 |
Raw Image Extension | All versions |
Windows 11 | Version 22H2 for x64-based Systems |
Microsoft Dynamics 365 on-premises | Version 9.1 |
Microsoft SharePoint Foundation 2013 Service Pack 1 | All versions |
Azure Machine Learning | All versions |
Visual Studio Code | All versions |
Windows Server 2016 Server Core installation | All versions |
Azure Service Connector | All versions |
Microsoft Office 2019 for 32-bit editions | All versions |
Windows 10 | Version 1607 for x64-based Systems |
Microsoft SQL Server 2022 for x64-based Systems GDR | All versions |
Windows Server 2012 R2 Server Core installation | All versions |
Windows Server 2022 Server Core installation | All versions |
Microsoft Malware Protection Engine | All versions |
Microsoft ODBC Driver 18 for SQL Server | All versions |
Send Customer Voice survey from Dynamics 365 | All versions |