CrowdStrike Update Causes BSOD Issues Globally – Audit Available 🛡️ Learn more

TRY NOW
Patch Tuesday

Microsoft Patch Tuesday – April 2023

7 min. read
11/04/2023
By Esben Dochy
Microsoft-Patch-Tuesday-May-2022

Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The April 2023 edition of Patch Tuesday brings us 97 fixes, with 7 rated as critical. We’ve listed the most important changes below.

⚡ TL;DR | Go Straight to the April 2023 Patch Tuesday Audit Report

Microsoft Message Queuing Remote Code Execution Vulnerability

The most critical vulnerability this month is CVE-2023-21554 with a CVSS base score of 9.8. While there isn’t much information available on how this vulnerability works exactly, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server which could result in remote code execution on the server side. Microsoft also lists that exploitation of this vulnerability is more than likely.

One big upside is that only devices that have the MSMQ Server feature installed are vulnerable, so not all of your devices are vulnerable by default. You can get an easy overview of which servers have the MSMQ Server feature installed using our MSMQ Server feature audit.

Layer 2 Tunneling Protocol Remote Code Execution

Two of the critical vulnerabilities are in the Layer 2 Tunneling protocol with both having a CVSS score of 8.1. To exploit this vulnerability, an unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine.

CVE-2023-28219 and CVE-2023-28220 are more likely to be exploited, but again this only applies to servers with the Remote Access Server role. If you want to know which of your server have the Remote Access Server role installed, you can run our RAS audit.

DHCP Server Service Remote Code Execution Vulnerability

The last more than likely to be exploited vulnerability is a RCE vulnerability in the DHCP Server service. With a CVSS score of 8.8, CVE-2023-28231 sits in the middle of the previous vulnerabilities. In order to exploit this vulnerability an authenticated attacker could leverage a specially crafted RPC call to the DHCP service which then can lead to remote code execution.

While this vulnerability also only affects specific devices, namely ones with the DHCP Server Service, its more than likely that you have one of these so its important to make sure they are updated. You can get a quick overview of all your DHCP Servers using our DHCP Server Role audit.

Run the Patch Tuesday April 2023 Audit

To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Patch Tuesday April 2023 CVE Codes & Titles

CVE NumberCVE Title
CVE-2023-28314Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-28313Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability
CVE-2023-28312Azure Machine Learning Information Disclosure Vulnerability
CVE-2023-28311Microsoft Word Remote Code Execution Vulnerability
CVE-2023-28309Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-28308Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28307Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28306Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28305Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28304Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2023-28302Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-28300Azure Service Connector Security Feature Bypass Vulnerability
CVE-2023-28299Visual Studio Spoofing Vulnerability
CVE-2023-28298Windows Kernel Denial of Service Vulnerability
CVE-2023-28297Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
CVE-2023-28296Visual Studio Remote Code Execution Vulnerability
CVE-2023-28295Microsoft Publisher Remote Code Execution Vulnerability
CVE-2023-28293Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28292Raw Image Extension Remote Code Execution Vulnerability
CVE-2023-28291Raw Image Extension Remote Code Execution Vulnerability
CVE-2023-28288Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-28287Microsoft Publisher Remote Code Execution Vulnerability
CVE-2023-28285Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2023-28278Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28277Windows DNS Server Information Disclosure Vulnerability
CVE-2023-28276Windows Group Policy Security Feature Bypass Vulnerability
CVE-2023-28275Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-28274Windows Win32k Elevation of Privilege Vulnerability
CVE-2023-28273Windows Clip Service Elevation of Privilege Vulnerability
CVE-2023-28272Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28271Windows Kernel Memory Information Disclosure Vulnerability
CVE-2023-28270Windows Lock Screen Security Feature Bypass Vulnerability
CVE-2023-28269Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2023-28268Netlogon RPC Elevation of Privilege Vulnerability
CVE-2023-28267Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2023-28266Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2023-28263Visual Studio Information Disclosure Vulnerability
CVE-2023-28262Visual Studio Elevation of Privilege Vulnerability
CVE-2023-28260.NET DLL Hijacking Remote Code Execution Vulnerability
CVE-2023-28256Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28255Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28254Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28253Windows Kernel Information Disclosure Vulnerability
CVE-2023-28252Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-28250Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-28249Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2023-28248Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28247Windows Network File System Information Disclosure Vulnerability
CVE-2023-28246Windows Registry Elevation of Privilege Vulnerability
CVE-2023-28244Windows Kerberos Elevation of Privilege Vulnerability
CVE-2023-28243Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-28241Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
CVE-2023-28240Windows Network Load Balancing Remote Code Execution Vulnerability
CVE-2023-28238Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
CVE-2023-28237Windows Kernel Remote Code Execution Vulnerability
CVE-2023-28236Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28235Windows Lock Screen Security Feature Bypass Vulnerability
CVE-2023-28234Windows Secure Channel Denial of Service Vulnerability
CVE-2023-28233Windows Secure Channel Denial of Service Vulnerability
CVE-2023-28232Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28231DHCP Server Service Remote Code Execution Vulnerability
CVE-2023-28229Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2023-28228Windows Spoofing Vulnerability
CVE-2023-28227Windows Bluetooth Driver Remote Code Execution Vulnerability
CVE-2023-28226Windows Enroll Engine Security Feature Bypass Vulnerability
CVE-2023-28225Windows NTLM Elevation of Privilege Vulnerability
CVE-2023-28224Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
CVE-2023-28223Windows Domain Name Service Remote Code Execution Vulnerability
CVE-2023-28222Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28221Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-28220Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28219Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-28218Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2023-28217Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2023-28216Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVE-2023-24931Windows Secure Channel Denial of Service Vulnerability
CVE-2023-24929Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24928Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24927Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24926Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24925Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24924Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24914Win32k Elevation of Privilege Vulnerability
CVE-2023-24912Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-24893Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-24887Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24886Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24885Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24884Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-24883Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-24860Microsoft Defender Denial of Service Vulnerability
CVE-2023-23384Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-23375Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2023-21769Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-21729Remote Procedure Call Runtime Information Disclosure Vulnerability
CVE-2023-21727Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-21554Microsoft Message Queuing Remote Code Execution Vulnerability

Receive the Latest Patch Tuesday Report for FREE Every Month

"*" indicates required fields

Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.

NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.