Microsoft Releases April 2023 Security Updates
Summary
Scheduled updates for Microsoft products, including security updates for a zero-day vulnerability
Affected platforms
The following platforms are known to be affected:
- Azure Machine Learning
- Azure Service Connector
- Microsoft Bluetooth Driver
- Microsoft Dynamics
- Microsoft Dynamics 365 Customer Voice
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Message Queuing
- Microsoft Office Publisher
- Microsoft Office SharePoint
- Microsoft Office Word
- Microsoft PostScript Printer Driver
- Microsoft Printer Drivers
- Microsoft WDAC OLE DB provider for SQL
- Microsoft Windows DNS
- Visual Studio Code
- Windows Active Directory
- Windows ALPC
- Windows Ancillary Function Driver for WinSock
- Windows Boot Manager
- Windows Clip Service
- Windows CNG Key Isolation Service
- Windows Common Log File System Driver
- Windows DHCP Server
- Windows Enroll Engine
- Windows Error Reporting
- Windows Group Policy
- Windows Internet Key Exchange (IKE) Protocol
- Windows Kerberos
- Windows Kernel
- Windows Layer 2 Tunneling Protocol
- Windows Lock Screen
- Windows Netlogon
- Windows Network Address Translation (NAT)
- Windows Network File System
- Windows Network Load Balancing
- Windows NTLM
- Windows PGM
- Windows Point-to-Point Protocol over Ethernet (PPPoE)
- Windows Point-to-Point Tunneling Protocol
- Windows Raw Image Extension
- Windows RDP Client
- Windows Registry
- Windows RPC API
- Windows Secure Boot
- Windows Secure Channel
- Windows Secure Socket Tunneling Protocol (SSTP)
- Windows Transport Security Layer (TLS)
- Windows Win32K
Threat details
Introduction
Microsoft has released security updates to address 93 vulnerabilities across their products, with 7 of them rated as critical and 1 reported as a zero-day vulnerability. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Reports of exploitation of CVE-2023-28252 and a PoC published for CVE-2023-28231 & CVE-2023-28285
Microsoft has released updates for a zero-day vulnerability that has been added to CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, CVE-2023-28252, is a Windows Common Log File System driver privilege escalation vulnerability.
The vulnerability CVE-2023-28229, which is a Microsoft Windows CNG Key Isolation Service privilege escalation vulnerability, has also been added to CISA's Known Exploited Vulnerabilities Catalog.
Proof-of-concept (PoC) exploit code has been publicly disclosed for CVE-2023-28285, which is a Microsoft Office remote code execution (RCE) vulnerability, and CVE-2023-28231, which is a Dynamic Host Configuration Protocol (DHCP) Server Service RCE vulnerability.
Exploitation is considered more likely for these vulnerabilities.
Threat updates
| Date | Update |
|---|---|
| 5 Oct 2023 | CVE-2023-28229 added to CISA's Known Exploited Vulnerabilities Catalog. This cyber alert has been updated to reflect this change. |
| 4 Jul 2023 | PoC exploit code has been publicly disclosed for CVE-2023-28285. A public PoC has been released. This cyber alert has been updated to reflect this change. The severity has been raised from Information Only to a Medium severity alert because of exploitation of CVE-2023-28252 and the public release of exploit code for CVE-2023-28231 and CVE-2023-28285. |
| 5 May 2023 | PoC code released for CVE-2023-28231. A public PoC has been released. This cyber alert has been updated to reflect this change. |
Remediation advice
Affected organisations are encouraged to review Microsoft’s April 2023 Security Update Summary and Deployment Information and apply the relevant updates.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 5 October 2023 4:10 pm