Patch Tuesday – 7 critical CVEs & 1 zero-day vulnerability
Microsoft has released patches for 97 vulnerabilities in the April Patch Tuesday rollout. Out of all patches released, 7 are rated as critical while the remaining 90 are classified as Important. One vulnerability is identified as actively being exploited. While this volume seems to be in line with past years, the number of remote code execution (RCE) vulnerabilities is almost half of the list.
Let’s take a closer look at the most interesting updates for this month.
Notable Critical Microsoft Vulnerabilities
Microsoft Message Queuing Remote Code Execution Vulnerability:
- CVE-2023-21554 is an RCE vulnerability affecting MSMQ (Microsoft Message Queuing) with a CVSSv3 score of 9.8. An attacker could exploit this flaw by sending a specially crafted MSMQ packet to an affected server. Successful exploitation of this vulnerability requires the Windows message queuing service to be enabled. When it is enabled, TCP port 1801 will be listening on the host.
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
- CVE-2023-28250 is an RCE vulnerability affecting Windows Pragmatic General Multicast (PGM). Successful exploitation requires MSMQ to be enabled. An attacker could exploit this flaw by sending a crafted file over the network in order to execute arbitrary code.
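Both CVE-2023-21554 and CVE-2023-28250 depend on MSMQ being enabled, so a quick inventory of where the service runs and where TCP 1801 is listening tells you which hosts to patch first. The following PowerShell is an added example, not part of the original article or of Runecast's product; the function name `Get-MsmqExposure` is hypothetical, and it assumes the Message Queuing service is registered under its usual name `MSMQ` and that PowerShell remoting is available for remote hosts.

```powershell
# Added example: report whether MSMQ is enabled and TCP 1801 is listening.
# Runs locally by default; pass -ComputerName to query other hosts over PowerShell remoting.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $probe = {
        # Assumption: the Message Queuing service uses its usual service name "MSMQ".
        $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

        # Any listener on TCP 1801, the port the article says MSMQ opens.
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort 1801 -ErrorAction SilentlyContinue)

        # Resolve the owning process so an unrelated listener is not mistaken for MSMQ.
        $owners = $listeners | ForEach-Object {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        } | Sort-Object -Unique

        # A wildcard bind (0.0.0.0 or ::) accepts connections on every interface.
        $wildcard = [bool]($listeners | Where-Object { $_.LocalAddress -in '0.0.0.0', '::' })

        [pscustomobject]@{
            Host            = $env:COMPUTERNAME
            MsmqInstalled   = [bool]$svc
            MsmqStatus      = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
            MsmqStartType   = if ($svc) { [string]$svc.StartType } else { $null }
            Port1801Listen  = $listeners.Count -gt 0
            ListenerProcess = $owners -join ','
            AllInterfaces   = $wildcard
        }
    }

    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) {
            & $probe
        } else {
            Invoke-Command -ComputerName $computer -ScriptBlock $probe -ErrorAction Continue |
                Select-Object -Property * -ExcludeProperty PSComputerName, RunspaceId, PSShowComputerName
        }
    }
}

# Hosts that meet the precondition named in the article go first in the patch queue.
Get-MsmqExposure | Where-Object { $_.MsmqStatus -eq 'Running' -or $_.Port1801Listen } | Format-Table -AutoSize
```

A host that reports `MsmqStatus` of `Stopped` with a start type of `Automatic` will meet the precondition again after a reboot, so treat it as in scope.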
DHCP Server Service Remote Code Execution Vulnerability
- CVE-2023-28231 is an RCE vulnerability affecting the DHCP (Dynamic Host Configuration Protocol) server service. Successful exploitation requires an attacker to be on an adjacent network prior to using a crafted RPC call to exploit this flaw.
The actively exploited zero-day vulnerability is CVE-2023-28252 which is rated as Important and is a Windows Common Log File System Driver Elevation of Privilege Vulnerability. There was a similar 0-day vulnerability patched in the same component just two months ago (CVE-2023-23376). The successful exploitation of the vulnerability will grant the attacker full SYSTEM privileges on Windows systems.
Runecast Analyzer covers all 75 vulnerabilities that affect Windows operating systems. Details of these vulnerabilities are shown in the list below.
Important | Windows Bluetooth Driver Remote Code Execution Vulnerability
CVE-2023-28227 Microsoft Bluetooth Driver RCE
Important | Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-24912 Microsoft Graphics Component EoP
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-21769 Microsoft Message Queuing DoS
⭕ Critical | Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-21554 Microsoft Message Queuing RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-28243 Microsoft PostScript Printer Driver RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24883 Microsoft Printer Drivers Info
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24927 Microsoft Printer Drivers RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24925 Microsoft Printer Drivers RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24924 Microsoft Printer Drivers RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24885 Microsoft Printer Drivers RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24928 Microsoft Printer Drivers RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24884 Microsoft Printer Drivers RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24926 Microsoft Printer Drivers RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24929 Microsoft Printer Drivers RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24887 Microsoft Printer Drivers RCE
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24886 Microsoft Printer Drivers RCE
Important | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-28275 Microsoft WDAC OLE DB provider for SQL RCE
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28256 Microsoft Windows DNS RCE
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28278 Microsoft Windows DNS RCE
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28307 Microsoft Windows DNS RCE
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28306 Microsoft Windows DNS RCE
Important | Windows Domain Name Service Remote Code Execution Vulnerability
CVE-2023-28223 Microsoft Windows DNS RCE
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28254 Microsoft Windows DNS RCE
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28305 Microsoft Windows DNS RCE
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28308 Microsoft Windows DNS RCE
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28255 Microsoft Windows DNS RCE
Important | Windows DNS Server Information Disclosure Vulnerability
CVE-2023-28277 Microsoft Windows DNS Info
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-28302 Windows Active Directory DoS
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28236 Windows ALPC EoP
Important | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVE-2023-28216 Windows ALPC EoP
Important | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2023-28218 Windows Ancillary Function Driver for WinSock EoP
Important | Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2023-28269 Windows Boot Manager SFB
Important | Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2023-28249 Windows Boot Manager SFB
Important | Windows Clip Service Elevation of Privilege Vulnerability
CVE-2023-28273 Windows Clip Service EoP
Important | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2023-28229 Windows CNG Key Isolation Service EoP
Important | Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2023-28266 Windows Common Log File System Driver Info
Important | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-28252 Windows Common Log File System Driver EoP
⭕ Critical | DHCP Server Service Remote Code Execution Vulnerability
CVE-2023-28231 Windows DHCP Server RCE
Important | Windows Enroll Engine Security Feature Bypass Vulnerability
CVE-2023-28226 Windows Enroll Engine SFB
Important | Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-28221 Windows Error Reporting EoP
Important | Windows Group Policy Security Feature Bypass Vulnerability
CVE-2023-28276 Windows Group Policy SFB
Important | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
CVE-2023-28238 Windows Internet Key Exchange (IKE) Protocol RCE
Important | Windows Kerberos Elevation of Privilege Vulnerability
CVE-2023-28244 Windows Kerberos EoP
Important | Windows Kernel Memory Information Disclosure Vulnerability
CVE-2023-28271 Windows Kernel Info
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28248 Windows Kernel EoP
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28222 Windows Kernel EoP
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28272 Windows Kernel EoP
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28293 Windows Kernel EoP
Important | Windows Kernel Information Disclosure Vulnerability
CVE-2023-28253 Windows Kernel Info
Important | Windows Kernel Remote Code Execution Vulnerability
CVE-2023-28237 Windows Kernel RCE
Important | Windows Kernel Denial of Service Vulnerability
CVE-2023-28298 Windows Kernel DoS
⭕ Critical | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28219 Windows Layer 2 Tunneling Protocol RCE
⭕ Critical | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28220 Windows Layer 2 Tunneling Protocol RCE
Important | Windows Lock Screen Security Feature Bypass Vulnerability
CVE-2023-28270 Windows Lock Screen SFB
Important | Windows Lock Screen Security Feature Bypass Vulnerability
CVE-2023-28235 Windows Lock Screen SFB
Important | Netlogon RPC Elevation of Privilege Vulnerability
CVE-2023-28268 Windows Netlogon EoP
Important | Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2023-28217 Windows Network Address Translation (NAT) DoS
Important | Windows Network File System Information Disclosure Vulnerability
CVE-2023-28247 Windows Network File System Info
Important | Windows Network Load Balancing Remote Code Execution Vulnerability
CVE-2023-28240 Windows Network Load Balancing RCE
Important | Windows NTLM Elevation of Privilege Vulnerability
CVE-2023-28225 Windows NTLM EoP
⭕ Critical | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-28250 Windows PGM RCE
Important | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
CVE-2023-28224 Windows Point-to-Point Protocol over Ethernet (PPPoE) RCE
⭕ Critical | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28232 Windows Point-to-Point Tunneling Protocol RCE
Important | Windows Spoofing Vulnerability
CVE-2023-28228 Windows RDP Client Spoofing
Important | Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2023-28267 Windows RDP Client Info
Important | Windows Registry Elevation of Privilege Vulnerability
CVE-2023-28246 Windows Registry EoP
Important | Remote Procedure Call Runtime Information Disclosure Vulnerability
CVE-2023-21729 Windows RPC API Info
Important | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-21727 Windows RPC API RCE
Important | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
CVE-2023-28297 Windows RPC API EoP
Important | Windows Secure Channel Denial of Service Vulnerability
CVE-2023-24931 Windows Secure Channel DoS
Important | Windows Secure Channel Denial of Service Vulnerability
CVE-2023-28233 Windows Secure Channel DoS
Important | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
CVE-2023-28241 Windows Secure Socket Tunneling Protocol (SSTP) DoS
Important | Windows Secure Channel Denial of Service Vulnerability
CVE-2023-28234 Windows Transport Security Layer (TLS) DoS
Important | Windows Win32k Elevation of Privilege Vulnerability
CVE-2023-28274 Windows Win32K EoP
Important | Win32k Elevation of Privilege Vulnerability
CVE-2023-24914 Windows Win32K EoP
* EoP - Elevation of Privilege | DoS - Denial of Service | RCE - Remote Code Execution | SFB - Security Feature Bypass
Runecast protects you against all of these
At Runecast we ensure that all operating systems vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safe and secure. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.
Runecast is an AI-powered platform that gives you complete visibility and control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, security and compliance to ensure every aspect of your environment is protected. In addition, Runecast also provides explicit instructions and generates custom remediation scripts, ensuring rapid compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Google Cloud, Kubernetes, and VMware environments and operates securely on-premises.