Service Notices
Microsoft Releases April 2023 Security Updates
Apr 14, 2023 GMT+08:00
I. Overview
Microsoft has released its April 2023 Security Updates. A total of 97 security vulnerabilities have been disclosed, among which 7 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include Microsoft Windows, Microsoft Office, Visual Studio Code and Raw Image Extension.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2023-Apr
The following vulnerabilities have been exploited by attackers:
Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2023-28252): 0-day vulnerability. Local attackers can exploit this vulnerability to gain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.
9 vulnerabilities (such as CVE-2023-21554, CVE-2023-28231, and CVE-2023-28220) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, Visual Studio Code and Raw Image Extension
IV. Vulnerability Details
|
CVE ID |
Vulnerability |
Severity |
Description |
|
CVE-2023-28219 |
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
Important |
An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. |
|
CVE-2023-28250 |
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
Important |
When the Windows Message Queuing service is enabled, an attacker who successfully exploited this vulnerability could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
|
CVE-2023-28291 |
Raw Image Extension Remote Code Execution Vulnerability |
Important |
The Raw Image Extension has a defect in verifying the user input. To exploit this vulnerability, an attacker could convince a local user to open a malicious file. Successful exploitation could lead to remote code execution. |
|
CVE-2023-28232 |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
Important |
The Windows Point-to-Point Tunneling Protocol has a defect in verifying user inputs. Remote attackers could send a specially crafted input to the target server to trigger the vulnerability. Successful exploitation of the vulnerability can cause remote code execution. |
|
CVE-2023-28231 |
DHCP Server Service Remote Code Execution Vulnerability |
Important |
An authenticated attacker could leverage a specially crafted RPC call to the DHCP service to exploit this vulnerability. Successful exploitation of the vulnerability can cause remote code execution. |
|
CVE-2023-21554 |
Microsoft Message Queuing Remote Code Execution Vulnerability |
Important |
To exploit this vulnerability, an attacker could send a specially crafted malicious MSMQ packet to an MSMQ server. This could result in remote code execution on the server side. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.