
- 84/2023
- Critical
Microsoft has released its monthly set of security updates, known as Patch Tuesday. This release contains a fix for one actively exploited zero-day vulnerability. Microsoft has also released an updated Microsoft Edge version (112.0.1722.34) that fixes multiple vulnerabilities.
Microsoft has fixed 97 vulnerabilities, 7 of which are classified as critical because they could allow an attacker to perform remote code execution on the affected products.
April’s Patch Tuesday fixes security flaws in products including .NET Core, Visual Studio, Microsoft Defender for Endpoint, Microsoft Edge (Chromium-based), Microsoft Printer Drivers, Microsoft Office (Word, Publisher, SharePoint), Windows Active Directory, Windows Boot Manager, Microsoft Bluetooth Driver, Windows Kernel and Microsoft Windows DNS.
The actively exploited zero-day vulnerability fixed in April’s patch is:
Microsoft Windows Common Log File System driver elevation of privilege vulnerability (CVE-2023-28252): allows a local authenticated attacker to gain SYSTEM privileges by executing a specially crafted program. This vulnerability was exploited in Nokoyawa ransomware attacks.
Sample of the addressed vulnerabilities:
1. Microsoft Windows Remote Procedure Call Runtime Code Execution (CVE-2023-28250):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Microsoft Windows Message Queuing Code Execution (CVE-2023-21554):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
List of vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.