Skip to content

IT Notes

Menu
  • Home
  • Microsoft
  • Apple
  • IT Security
  • Azure
  • Office365
  • Microsoft Exchange
  • Privacy
  • Backups
Menu

Microsoft April 2023 Patch Tuesday: What You Need to Know

Posted on 12/04/202312/04/2023 by Nial Aliyev
Share on Social Media
xfacebooklinkedinredditemail

Microsoft has released its monthly security updates for April 2023, fixing a total of 97 vulnerabilities across various products and services. Among them, one zero-day flaw was actively exploited in the wild, and seven were rated as critical for allowing remote code execution (RCE).

CVE-2023-28252: Windows Common Log File System Driver Elevation of Privilege Vulnerability

This is the only zero-day vulnerability patched this month. It affects the Windows Common Log File System (CLFS) driver, a logging service used by kernel-mode and user-mode applications. An attacker who successfully exploits this flaw could gain SYSTEM privileges, the highest level of access on a Windows system.

Genwei Jiang discovered this vulnerability with Mandiant and Quan Jin with DBAPPSecurity WeBin Lab. It was also reported by Kaspersky, who observed it being used in Nokoyawa ransomware attacks. According to Microsoft, this vulnerability is less likely to be exploited on Windows 11 systems due to additional security measures.

This is not the first time a CLFS driver vulnerability has been exploited in the wild. In fact, this is the fourth such case in the past two years, following CVE-2022-24521, CVE-2022-37969, and CVE-2023-23376. Therefore, we recommend applying this patch as soon as possible, especially on Windows Server systems with the MSMQ service enabled.

CVE-2023-28285, CVE-2023-28295, CVE-2023-28287, and CVE-2023-28311: Microsoft Office RCE Vulnerabilities

These four vulnerabilities are all related to Microsoft Office products, such as Word, Publisher, and SharePoint. They allow an attacker to execute arbitrary code on a target system by convincing a user to open a specially crafted document or file.

These types of vulnerabilities are often used in phishing campaigns to distribute malware or gain access to sensitive information. Therefore, we advise updating Microsoft Office applications as soon as possible and educating users about the risks of opening untrusted attachments or links.

CVE-2023-21554: Microsoft Message Queuing RCE Vulnerability

This is another critical RCE vulnerability that affects servers with Microsoft’s Message Queuing (MSMQ) service enabled. MSMQ is a messaging protocol that allows applications to communicate across networks and systems.

An attacker who exploits this vulnerability could execute arbitrary code on a target server with elevated privileges. This could lead to a complete compromise of the server or allow lateral movement within the network.

Trend Micro’s Zero Day Initiative reported this vulnerability, with a CVSSv3 score of 9.8, indicating a high severity and impact. Therefore, we suggest patching any servers with MSMQ enabled as soon as possible.

Other Notable Patches

In addition to the above vulnerabilities, Microsoft also fixed several other flaws that could pose a risk to users or organizations. Some of them are:

CVE-2023-28312: Windows DNS Server RCE Vulnerability
CVE-2023-28313: Windows DNS Server RCE Vulnerability
CVE-2023-28314: Windows DNS Server RCE Vulnerability


These three vulnerabilities affect Windows DNS servers and allow attackers to execute arbitrary code by sending specially crafted DNS requests. DNS servers are essential for resolving domain names to IP addresses and facilitating network communication. Therefore, compromising them could have serious consequences for network security and availability.

CVE-2023-28286: Windows Active Directory Security Feature Bypass Vulnerability
This vulnerability affects Windows Active Directory and allows an attacker to bypass security features such as Kerberos authentication or NTLM signing. This could enable an attacker to impersonate other users or access protected resources without authorization.

CVE-2023-28315: Windows Kernel Elevation of Privilege Vulnerability
This vulnerability affects the Windows kernel and allows attackers to elevate their privileges from low-integrity to medium-integrity levels. This could enable an attacker to perform actions that would otherwise be restricted, such as accessing files or processes belonging to other users.

Conclusion

Microsoft’s April 2023 Patch Tuesday addresses a large number of vulnerabilities across various products and services. Among them, one zero-day flaw was actively exploited in the wild, and seven were rated as critical for allowing remote code execution (RCE).

We recommend applying these patches as soon as possible, especially for systems that are exposed to the internet or have sensitive data or functionality. Additionally, we advise monitoring your network for any signs of malicious activity or exploitation attempts.

Search

Recent Posts

  • Hosting Your Web Application with Azure App Service
  • Microsoft Patch Tuesday, November 2023
  • Microsoft Thwarts China-based Threat Actor Storm-0558 Targeting Customer Email
  • Apple releases emergency updates to address the zero-day vulnerability.
  • How to Delegate Admin Roles to Partners in Microsoft 365

Categories

  • Apple
  • Azure
  • Backups
  • IT Security
  • Microsoft
  • Microsoft Exchange
  • Office365
  • Privacy
  • Uncategorized

Archives

  • August 2024
  • November 2023
  • July 2023
  • April 2023
  • March 2023
  • April 2022
  • June 2021
  • May 2021
  • October 2020
  • December 2019
  • July 2019
  • June 2019
  • December 2018
  • January 2018
  • November 2017
  • October 2017
  • August 2017
  • June 2017
  • May 2017
  • April 2017

About Me

171157
Users Today : 75
Total Users : 153942

Connect With Me

©2026 IT Notes | Design: Newspaperly WordPress Theme