Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The April 2023 edition of Patch Tuesday brings us 97 fixes, with 7 rated as critical. We’ve listed the most important changes below.
Microsoft Message Queuing Remote Code Execution Vulnerability
The most critical vulnerability this month is CVE-2023-21554 with a CVSS base score of 9.8. While there isn’t much information available on exactly how this vulnerability works, an attacker would need to send a specially crafted malicious MSMQ packet to an MSMQ server, which could result in remote code execution on the server side. Microsoft also lists exploitation of this vulnerability as more than likely.
One big upside is that only devices that have the MSMQ Server feature installed are vulnerable, so not all of your devices are vulnerable by default. You can get an easy overview of which servers have the MSMQ Server feature installed using our MSMQ Server feature audit.
Layer 2 Tunneling Protocol Remote Code Execution
Two of the critical vulnerabilities are in the Layer 2 Tunneling Protocol, both with a CVSS score of 8.1. To exploit these vulnerabilities, an unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.
CVE-2023-28219 and CVE-2023-28220 are more likely to be exploited, but again this only applies to servers with the Remote Access Server role. If you want to know which of your servers have the Remote Access Server role installed, you can run our RAS audit.
DHCP Server Service Remote Code Execution Vulnerability
The last vulnerability that is more than likely to be exploited is an RCE vulnerability in the DHCP Server service. With a CVSS score of 8.8, CVE-2023-28231 sits in the middle of the previous vulnerabilities. To exploit this vulnerability, an authenticated attacker could leverage a specially crafted RPC call to the DHCP service, which can then lead to remote code execution.
While this vulnerability also only affects specific devices, namely ones with the DHCP Server Service, it's more than likely that you have one of these, so it's important to make sure they are updated. You can get a quick overview of all your DHCP Servers using our DHCP Server Role audit.
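The three vulnerability groups above (MSMQ, L2TP/RAS and DHCP Server) only apply where the matching feature or role is installed. As an added example, not part of the original report or of Lansweeper's audits, the following PowerShell lists which of those features are present on a set of Windows Servers. The server list is a placeholder, and mapping the "Remote Access Server role" to the DirectAccess-VPN role service is an assumption.

```powershell
# Added example: role triage for the role-dependent CVEs named in this post.
# Assumes Windows Server with the ServerManager module and rights to query
# each target. Replace the placeholder list with your own servers.
Import-Module ServerManager -ErrorAction Stop

# Feature name -> CVEs from this post that require that feature.
# 'DirectAccess-VPN' is the "DirectAccess and VPN (RAS)" role service
# (assumed to be what the post calls the Remote Access Server role).
$roleMap = [ordered]@{
    'MSMQ-Server'      = @('CVE-2023-21554')
    'DirectAccess-VPN' = @('CVE-2023-28219', 'CVE-2023-28220')
    'DHCP'             = @('CVE-2023-28231')
}

$computers = @($env:COMPUTERNAME)   # placeholder: local machine only

$report = foreach ($computer in $computers) {
    try {
        $installed = Get-WindowsFeature -ComputerName $computer `
                         -Name ([string[]]$roleMap.Keys) -ErrorAction Stop |
                     Where-Object { $_.Installed }
    }
    catch {
        # Unreachable or access denied: record it rather than assume "clean".
        [pscustomobject]@{
            Computer = $computer
            Feature  = 'QUERY FAILED'
            CVEs     = $_.Exception.Message
        }
        continue
    }

    if (-not $installed) {
        [pscustomobject]@{ Computer = $computer; Feature = '(none)'; CVEs = '' }
        continue
    }

    foreach ($feature in $installed) {
        [pscustomobject]@{
            Computer = $computer
            Feature  = $feature.Name
            CVEs     = $roleMap[$feature.Name] -join ', '
        }
    }
}

$report | Sort-Object Computer, Feature | Format-Table -AutoSize
```

A host that appears with a feature name is in scope for the listed CVEs until the April 2023 updates are installed; a QUERY FAILED row means the host still needs to be checked another way.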
Run the Patch Tuesday April 2023 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday April 2023 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2023-28314 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2023-28313 | Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability |
CVE-2023-28312 | Azure Machine Learning Information Disclosure Vulnerability |
CVE-2023-28311 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2023-28309 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
CVE-2023-28308 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2023-28307 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2023-28306 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2023-28305 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2023-28304 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability |
CVE-2023-28302 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-28300 | Azure Service Connector Security Feature Bypass Vulnerability |
CVE-2023-28299 | Visual Studio Spoofing Vulnerability |
CVE-2023-28298 | Windows Kernel Denial of Service Vulnerability |
CVE-2023-28297 | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability |
CVE-2023-28296 | Visual Studio Remote Code Execution Vulnerability |
CVE-2023-28295 | Microsoft Publisher Remote Code Execution Vulnerability |
CVE-2023-28293 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-28292 | Raw Image Extension Remote Code Execution Vulnerability |
CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability |
CVE-2023-28288 | Microsoft SharePoint Server Spoofing Vulnerability |
CVE-2023-28287 | Microsoft Publisher Remote Code Execution Vulnerability |
CVE-2023-28285 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2023-28278 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2023-28277 | Windows DNS Server Information Disclosure Vulnerability |
CVE-2023-28276 | Windows Group Policy Security Feature Bypass Vulnerability |
CVE-2023-28275 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
CVE-2023-28274 | Windows Win32k Elevation of Privilege Vulnerability |
CVE-2023-28273 | Windows Clip Service Elevation of Privilege Vulnerability |
CVE-2023-28272 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-28271 | Windows Kernel Memory Information Disclosure Vulnerability |
CVE-2023-28270 | Windows Lock Screen Security Feature Bypass Vulnerability |
CVE-2023-28269 | Windows Boot Manager Security Feature Bypass Vulnerability |
CVE-2023-28268 | Netlogon RPC Elevation of Privilege Vulnerability |
CVE-2023-28267 | Remote Desktop Protocol Client Information Disclosure Vulnerability |
CVE-2023-28266 | Windows Common Log File System Driver Information Disclosure Vulnerability |
CVE-2023-28263 | Visual Studio Information Disclosure Vulnerability |
CVE-2023-28262 | Visual Studio Elevation of Privilege Vulnerability |
CVE-2023-28260 | .NET DLL Hijacking Remote Code Execution Vulnerability |
CVE-2023-28256 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2023-28255 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2023-28254 | Windows DNS Server Remote Code Execution Vulnerability |
CVE-2023-28253 | Windows Kernel Information Disclosure Vulnerability |
CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
CVE-2023-28249 | Windows Boot Manager Security Feature Bypass Vulnerability |
CVE-2023-28248 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-28247 | Windows Network File System Information Disclosure Vulnerability |
CVE-2023-28246 | Windows Registry Elevation of Privilege Vulnerability |
CVE-2023-28244 | Windows Kerberos Elevation of Privilege Vulnerability |
CVE-2023-28243 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-28241 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability |
CVE-2023-28240 | Windows Network Load Balancing Remote Code Execution Vulnerability |
CVE-2023-28238 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability |
CVE-2023-28237 | Windows Kernel Remote Code Execution Vulnerability |
CVE-2023-28236 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-28235 | Windows Lock Screen Security Feature Bypass Vulnerability |
CVE-2023-28234 | Windows Secure Channel Denial of Service Vulnerability |
CVE-2023-28233 | Windows Secure Channel Denial of Service Vulnerability |
CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability |
CVE-2023-28229 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
CVE-2023-28228 | Windows Spoofing Vulnerability |
CVE-2023-28227 | Windows Bluetooth Driver Remote Code Execution Vulnerability |
CVE-2023-28226 | Windows Enroll Engine Security Feature Bypass Vulnerability |
CVE-2023-28225 | Windows NTLM Elevation of Privilege Vulnerability |
CVE-2023-28224 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
CVE-2023-28223 | Windows Domain Name Service Remote Code Execution Vulnerability |
CVE-2023-28222 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2023-28221 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
CVE-2023-28220 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
CVE-2023-28219 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
CVE-2023-28218 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
CVE-2023-28217 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
CVE-2023-28216 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
CVE-2023-24931 | Windows Secure Channel Denial of Service Vulnerability |
CVE-2023-24929 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24928 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24927 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24926 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24925 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24924 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24914 | Win32k Elevation of Privilege Vulnerability |
CVE-2023-24912 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2023-24893 | Visual Studio Code Remote Code Execution Vulnerability |
CVE-2023-24887 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24886 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24885 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24884 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
CVE-2023-24883 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
CVE-2023-24860 | Microsoft Defender Denial of Service Vulnerability |
CVE-2023-23384 | Microsoft SQL Server Remote Code Execution Vulnerability |
CVE-2023-23375 | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability |
CVE-2023-21769 | Microsoft Message Queuing Denial of Service Vulnerability |
CVE-2023-21729 | Remote Procedure Call Runtime Information Disclosure Vulnerability |
CVE-2023-21727 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability |