June 7, 2023

Microsoft patched 97 CVEs in its April 2023 Patch Tuesday Release, with seven rated as critical and 90 rated as important.

This month’s update includes patches for:

  • .NET Core
  • Azure Machine Learning
  • Azure Service Connector
  • Microsoft Bluetooth Driver
  • Microsoft Defender for Endpoint
  • Microsoft Dynamics
  • Microsoft Dynamics 365 Customer Voice
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Message Queuing
  • Microsoft Office
  • Microsoft Office Publisher
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft PostScript Printer Driver
  • Microsoft Printer Drivers
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows DNS
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory
  • Windows ALPC
  • Windows Ancillary Function Driver for WinSock
  • Windows Boot Manager
  • Windows Clip Service
  • Windows CNG Key Isolation Service
  • Windows Common Log File System Driver
  • Windows DHCP Server
  • Windows Enroll Engine
  • Windows Error Reporting
  • Windows Group Policy
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kerberos
  • Windows Kernel
  • Windows Layer 2 Tunneling Protocol
  • Windows Lock Screen
  • Windows Netlogon
  • Windows Network Address Translation (NAT)
  • Windows Network File System
  • Windows Network Load Balancing
  • Windows NTLM
  • Windows PGM
  • Windows Point-to-Point Protocol over Ethernet (PPPoE)
  • Windows Point-to-Point Tunneling Protocol
  • Windows Raw Image Extension
  • Windows RDP Client
  • Windows Registry
  • Windows RPC API
  • Windows Secure Boot
  • Windows Secure Channel
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows Transport Security Layer (TLS)
  • Windows Win32K

Windows Common Log File System Driver EoP Vulnerability

CVE-2023-28252 is an EoP vulnerability in the Windows Common Log File System (CLFS) Driver, a logging service used by kernel-mode and user-mode applications. It was assigned a CVSSv3 score of 7.8. This vulnerability is a post-compromise flaw, meaning an attacker could exploit it after gaining access to a vulnerable target. Successful exploitation would elevate an attacker’s privileges to SYSTEM. According to Microsoft, it was exploited in the wild as a zero day.

CVE-2023-28252 is the second CLFS Driver EoP vulnerability to be exploited in the wild in 2023, as CVE-2023-23376 was disclosed in the February 2023 Patch Tuesday. It is the fourth known CLFS EoP vulnerability to be exploited in the wild in the last two years, following CVE-2022-24521 from the April 2022 Patch Tuesday and CVE-2022-37969 from the September 2022 Patch Tuesday release.

Microsoft Message Queuing RCE Vulnerability

CVE-2023-21554 is a RCE vulnerability affecting Microsoft Message Queuing (MSMQ) with a CVSSv3 score of 9.8. An attacker could exploit this flaw by sending a specially crafted MSMQ packet to an affected MSMQ server. The exploitation of this flaw requires the Windows message queuing service to be enabled. When enabled, TCP port 1801 will be listening on the host.

Two other denials of service tracked as CVE-2023-21769 and CVE-2023-28302, rated as “important”, were also patched in MSMQ this month.
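
A read-only local check for the precondition described above (Message Queuing enabled and TCP port 1801 listening). This is an added example, not code from the original post or from Microsoft; the function name Get-MsmqExposure and its status labels are hypothetical, and it assumes the service is registered under the name MSMQ.

```powershell
# Added example (not from the original post): read-only local audit for the
# MSMQ precondition of CVE-2023-21554. It changes nothing on the host.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # TCP port the post says MSMQ listens on
    )

    # Assumption: Message Queuing is registered as the service named 'MSMQ'.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Sockets in the Listen state on the port, with the owning process resolved.
    $listeners = @(
        Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
            ForEach-Object {
                $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    LocalAddress = $_.LocalAddress
                    ProcessId    = $_.OwningProcess
                    ProcessName  = if ($proc) { $proc.ProcessName } else { $null }
                }
            }
    )

    # A listener bound only to loopback is not reachable from other hosts.
    $remote = @($listeners | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' })

    # Hypothetical status labels, ordered from most to least urgent.
    $status = if ($remote.Count -gt 0) { 'ListeningOnNetwork' }
    elseif ($listeners.Count -gt 0) { 'ListeningLoopbackOnly' }
    elseif (-not $svc) { 'NotInstalled' }
    elseif ($svc.StartType -eq 'Disabled') { 'InstalledDisabled' }
    else { 'InstalledNotListening' }   # service could still be started later

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Port         = $Port
        ServiceState = if ($svc) { [string]$svc.Status } else { $null }
        StartType    = if ($svc) { [string]$svc.StartType } else { $null }
        Status       = $status
        Listeners    = $listeners
    }
}

Get-MsmqExposure | Format-List
```

A host that reports InstalledNotListening still has the component present, so it belongs in the patch scope even though nothing is bound to the port at the moment.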

Windows Pragmatic General Multicast (PGM) RCE Vulnerability

CVE-2023-28250 is a RCE vulnerability affecting Windows Pragmatic General Multicast (PGM). Successful exploitation requires the MSMQ service to be enabled. An attacker could exploit this flaw by sending a crafted file over the network to execute arbitrary code. This vulnerability has a CVSSv3 score of 9.8 and impacts supported versions of Windows including Server Core installations.

DHCP Server Service RCE Vulnerability

CVE-2023-28231 is a RCE vulnerability affecting the Dynamic Host Configuration Protocol (DHCP) server service. This vulnerability is rated as “Exploitation More Likely” according to the Microsoft Exploitability Index. With a CVSSv3 score of 8.8, successful exploitation requires an attacker to be on an adjacent network prior to using a crafted RPC call to exploit the flaw.

Microsoft Raw Image Extension Vulnerability

CVE-2023-28291 is a Critical vulnerability affecting the Raw Image file extension. A raw image file is an image that has not yet been compressed or processed into a more user-friendly format such as JPEG. This vulnerability can be exploited if the victim user opens the malicious file. The affected application is most often updated through the Microsoft Store; however, Microsoft notes the update can be downloaded outside of the store.

WinVerifyTrust Signature Validation Vulnerability

Microsoft republished CVE-2013-3900, an old WinVerifyTrust Signature Validation vulnerability that has recently been exploited by attackers in the 3CX supply chain attack. The fix for it is still optional and includes setting a key in the system registry.

Microsoft Exchange Server 2013 EOL

Microsoft announced that Exchange Server 2013 has reached its end of life. This version of Exchange Server will no longer receive security updates and should be upgraded as soon as possible. Microsoft released guidance to assist customers with decommissioning Exchange Server 2013.

Detailed CVEs Patched

CVE ID | Vuln Title | Severity
CVE-2023-21554 | Microsoft Message Queuing | Critical
CVE-2023-28231 | Windows DHCP Server | Critical
CVE-2023-28219 | Windows Layer 2 Tunneling Protocol | Critical
CVE-2023-28220 | Windows Layer 2 Tunneling Protocol | Critical
CVE-2023-28250 | Windows PGM | Critical
CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol | Critical
CVE-2023-28291 | Windows Raw Image Extension | Critical
CVE-2023-28260 | .NET Core | Important
CVE-2023-28312 | Azure Machine Learning | Important
CVE-2023-28300 | Azure Service Connector | Important
CVE-2023-28227 | Microsoft Bluetooth Driver | Important
CVE-2023-24860 | Microsoft Defender for Endpoint | Important
CVE-2023-28314 | Microsoft Dynamics | Important
CVE-2023-28309 | Microsoft Dynamics | Important
CVE-2023-28313 | Microsoft Dynamics 365 Customer Voice | Important
CVE-2023-24912 | Microsoft Graphics Component | Important
CVE-2023-21769 | Microsoft Message Queuing | Important
CVE-2023-28285 | Microsoft Office | Important
CVE-2023-28295 | Microsoft Office Publisher | Important
CVE-2023-28287 | Microsoft Office Publisher | Important
CVE-2023-28288 | Microsoft Office SharePoint | Important
CVE-2023-28311 | Microsoft Office Word | Important
CVE-2023-28243 | Microsoft PostScript Printer Driver | Important
CVE-2023-24883 | Microsoft Printer Drivers | Important
CVE-2023-24927 | Microsoft Printer Drivers | Important
CVE-2023-24925 | Microsoft Printer Drivers | Important
CVE-2023-24924 | Microsoft Printer Drivers | Important
CVE-2023-24885 | Microsoft Printer Drivers | Important
CVE-2023-24928 | Microsoft Printer Drivers | Important
CVE-2023-24884 | Microsoft Printer Drivers | Important
CVE-2023-24926 | Microsoft Printer Drivers | Important
CVE-2023-24929 | Microsoft Printer Drivers | Important
CVE-2023-24887 | Microsoft Printer Drivers | Important
CVE-2023-24886 | Microsoft Printer Drivers | Important
CVE-2023-28275 | Microsoft WDAC OLE DB provider for SQL | Important
CVE-2023-28256 | Microsoft Windows DNS | Important
CVE-2023-28278 | Microsoft Windows DNS | Important
CVE-2023-28307 | Microsoft Windows DNS | Important
CVE-2023-28306 | Microsoft Windows DNS | Important
CVE-2023-28223 | Microsoft Windows DNS | Important
CVE-2023-28254 | Microsoft Windows DNS | Important
CVE-2023-28305 | Microsoft Windows DNS | Important
CVE-2023-28308 | Microsoft Windows DNS | Important
CVE-2023-28255 | Microsoft Windows DNS | Important
CVE-2023-28277 | Microsoft Windows DNS | Important
CVE-2023-23384 | SQL Server | Important
CVE-2023-23375 | SQL Server | Important
CVE-2023-28304 | SQL Server | Important
CVE-2023-28299 | Visual Studio | Important
CVE-2023-28262 | Visual Studio | Important
CVE-2023-28263 | Visual Studio | Important
CVE-2023-28296 | Visual Studio | Important
CVE-2023-24893 | Visual Studio Code | Important
CVE-2023-28302 | Windows Active Directory | Important
CVE-2023-28236 | Windows ALPC | Important
CVE-2023-28216 | Windows ALPC | Important
CVE-2023-28218 | Windows Ancillary Function Driver for WinSock | Important
CVE-2023-28269 | Windows Boot Manager | Important
CVE-2023-28249 | Windows Boot Manager | Important
CVE-2023-28273 | Windows Clip Service | Important
CVE-2023-28229 | Windows CNG Key Isolation Service | Important
CVE-2023-28266 | Windows Common Log File System Driver | Important
CVE-2023-28252 | Windows Common Log File System Driver | Important
CVE-2023-28226 | Windows Enroll Engine | Important
CVE-2023-28221 | Windows Error Reporting | Important
CVE-2023-28276 | Windows Group Policy | Important
CVE-2023-28238 | Windows Internet Key Exchange (IKE) Protocol | Important
CVE-2023-28244 | Windows Kerberos | Important
CVE-2023-28271 | Windows Kernel | Important
CVE-2023-28248 | Windows Kernel | Important
CVE-2023-28222 | Windows Kernel | Important
CVE-2023-28272 | Windows Kernel | Important
CVE-2023-28293 | Windows Kernel | Important
CVE-2023-28253 | Windows Kernel | Important
CVE-2023-28237 | Windows Kernel | Important
CVE-2023-28298 | Windows Kernel | Important
CVE-2023-28270 | Windows Lock Screen | Important
CVE-2023-28235 | Windows Lock Screen | Important
CVE-2023-28268 | Windows Netlogon | Important
CVE-2023-28217 | Windows Network Address Translation (NAT) | Important
CVE-2023-28247 | Windows Network File System | Important
CVE-2023-28240 | Windows Network Load Balancing | Important
CVE-2023-28225 | Windows NTLM | Important
CVE-2023-28224 | Windows Point-to-Point Protocol over Ethernet (PPPoE) | Important
CVE-2023-28292 | Windows Raw Image Extension | Important
CVE-2023-28228 | Windows RDP Client | Important
CVE-2023-28267 | Windows RDP Client | Important
CVE-2023-28246 | Windows Registry | Important
CVE-2023-21729 | Windows RPC API | Important
CVE-2023-21727 | Windows RPC API | Important
CVE-2023-28297 | Windows RPC API | Important
CVE-2023-24931 | Windows Secure Channel | Important
CVE-2023-28233 | Windows Secure Channel | Important
CVE-2023-28241 | Windows Secure Socket Tunneling Protocol (SSTP) | Important
CVE-2023-28234 | Windows Transport Security Layer (TLS) | Important
CVE-2023-28274 | Windows Win32K | Important
CVE-2023-24914 | Windows Win32K | Important