Today’s VERT Alert addresses Microsoft’s April 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1050 on Wednesday, April 12th.
In-The-Wild & Disclosed CVEs
A vulnerability in the Common Log File System (CLFS) Driver has been exploited in-the-wild. CLFS provides a general-purpose logging service to other software via the Microsoft Windows SDK. Successful exploitation of this vulnerability would lead to an attacker gaining SYSTEM access. Kaspersky has provided a detailed analysis of an attack that utilized this vulnerability.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Microsoft PostScript Printer Driver | 1 | CVE-2023-28243 |
| Windows RPC API | 3 | CVE-2023-21727, CVE-2023-21729, CVE-2023-28297 |
| Windows Secure Socket Tunneling Protocol (SSTP) | 1 | CVE-2023-28241 |
| Windows Error Reporting | 1 | CVE-2023-28221 |
| Microsoft Office Word | 1 | CVE-2023-28311 |
| Windows Transport Security Layer (TLS) | 1 | CVE-2023-28234 |
| Microsoft Printer Drivers | 11 | CVE-2023-24924, CVE-2023-24883, CVE-2023-24925, CVE-2023-24884, CVE-2023-24926, CVE-2023-24885, CVE-2023-24927, CVE-2023-24886, CVE-2023-24928, CVE-2023-24887, CVE-2023-24929 |
| Windows Group Policy | 1 | CVE-2023-28276 |
| Azure Machine Learning | 1 | CVE-2023-28312 |
| Windows Netlogon | 1 | CVE-2023-28268 |
| Microsoft Dynamics | 2 | CVE-2023-28309, CVE-2023-28314 |
| Microsoft Graphics Component | 1 | CVE-2023-24912 |
| Windows Enroll Engine | 1 | CVE-2023-28226 |
| Windows Network File System | 1 | CVE-2023-28247 |
| Microsoft Office SharePoint | 1 | CVE-2023-28288 |
| Windows PGM | 1 | CVE-2023-28250 |
| Azure Service Connector | 1 | CVE-2023-28300 |
| Visual Studio Code | 1 | CVE-2023-24893 |
| SQL Server | 3 | CVE-2023-23384, CVE-2023-23375, CVE-2023-28304 |
| Windows Network Load Balancing | 1 | CVE-2023-28240 |
| Windows Secure Channel | 2 | CVE-2023-24931, CVE-2023-28233 |
| Windows Ancillary Function Driver for WinSock | 1 | CVE-2023-28218 |
| Windows Lock Screen | 2 | CVE-2023-28235, CVE-2023-28270 |
| Windows Kernel | 8 | CVE-2023-28222, CVE-2023-28298, CVE-2023-28237, CVE-2023-28248, CVE-2023-28271, CVE-2023-28272, CVE-2023-28253, CVE-2023-28293 |
| Microsoft Bluetooth Driver | 1 | CVE-2023-28227 |
| Windows Clip Service | 1 | CVE-2023-28273 |
| Windows Point-to-Point Tunneling Protocol | 1 | CVE-2023-28232 |
| Microsoft Office | 1 | CVE-2023-28285 |
| Windows Registry | 1 | CVE-2023-28246 |
| Windows NTLM | 1 | CVE-2023-28225 |
| Windows Active Directory | 1 | CVE-2023-28302 |
| Windows Network Address Translation (NAT) | 1 | CVE-2023-28217 |
| Windows Layer 2 Tunneling Protocol | 2 | CVE-2023-28219, CVE-2023-28220 |
| Microsoft WDAC OLE DB provider for SQL | 1 | CVE-2023-28275 |
| Windows CNG Key Isolation Service | 1 | CVE-2023-28229 |
| Windows Boot Manager | 2 | CVE-2023-28269, CVE-2023-28249 |
| Windows Raw Image Extension | 2 | CVE-2023-28291, CVE-2023-28292 |
| Windows Win32K | 2 | CVE-2023-24914, CVE-2023-28274 |
| Microsoft Dynamics 365 Customer Voice | 1 | CVE-2023-28313 |
| .NET Core | 1 | CVE-2023-28260 |
| Windows Kerberos | 1 | CVE-2023-28244 |
| Microsoft Message Queuing | 2 | CVE-2023-21769, CVE-2023-21554 |
| Microsoft Office Publisher | 2 | CVE-2023-28287, CVE-2023-28295 |
| Microsoft Windows DNS | 10 | CVE-2023-28305, CVE-2023-28223, CVE-2023-28254, CVE-2023-28277, CVE-2023-28255, CVE-2023-28278, CVE-2023-28256, CVE-2023-28306, CVE-2023-28307, CVE-2023-28308 |
| Windows DHCP Server | 1 | CVE-2023-28231 |
| Windows Point-to-Point Protocol over Ethernet (PPPoE) | 1 | CVE-2023-28224 |
| Microsoft Defender for Endpoint | 1 | CVE-2023-24860 |
| Microsoft Edge (Chromium-based) | 17 | CVE-2023-1810, CVE-2023-1811, CVE-2023-1812, CVE-2023-1813, CVE-2023-1814, CVE-2023-1815, CVE-2023-1816, CVE-2023-1817, CVE-2023-1818, CVE-2023-1819, CVE-2023-1820, CVE-2023-1821, CVE-2023-1822, CVE-2023-1823, CVE-2023-28284, CVE-2023-24935, CVE-2023-28301 |
| Windows ALPC | 2 | CVE-2023-28216, CVE-2023-28236 |
| Visual Studio | 4 | CVE-2023-28262, CVE-2023-28263, CVE-2023-28296, CVE-2023-28299 |
| Windows RDP Client | 2 | CVE-2023-28228, CVE-2023-28267 |
| Windows Internet Key Exchange (IKE) Protocol | 1 | CVE-2023-28238 |
| Windows Common Log File System Driver | 2 | CVE-2023-28266, CVE-2023-28252 |
Other Information
At the time of publication, there were no new advisories included with the April Security Guidance. However, a number of previously published CVEs were updated in March and April.
CVE-2022-23816 / CVE-2022-23825
These CVEs were revised on March 14, 2023 to announce the availability of updates to address all supported versions of Windows, with the exception of Windows Server 2022 (both Server Core and non-Server Core installations).
This cURL CVE was published in February, updated in March to indicate that certain versions of Windows were indeed vulnerable, and updated April 11 to announce the availability of security updates for a number of Microsoft Windows platforms.
This April 2022 vulnerability was updated in March to announce that Windows 11 Version 22H2 was affected by this vulnerability and that a patch was provided.
This June 2021 vulnerability was updated in March to note that the default behavior had changed. DCOM Server hardening was originally optional and was later updated to be enabled by default with the option to disable it. With the March update, the hardening is now enabled by default and cannot be disabled. This may impact legacy applications in your environment. Microsoft has a KB article with more details.
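Before the hardening became mandatory, the practical way to find legacy applications that would break was to look for the DCOM compatibility events Windows writes when an activation would fail under the raised authentication level. The following PowerShell check is an added example, not part of the VERT alert or any Microsoft tooling. It assumes the event IDs Microsoft's DCOM hardening KB documents (10036 on the server side, 10037 and 10038 on the client side) and the `RequireIntegrityActivationAuthenticationLevel` override value under `HKLM:\SOFTWARE\Microsoft\Ole\AppCompat`; the 30-day window is a constructed default.

```powershell
# Added example (not from the VERT alert): inventory DCOM hardening compatibility
# events and report whether the legacy override value is still present.
# Event IDs assumed from Microsoft's DCOM hardening KB:
#   10036 - server side: an activation was rejected because the client did not
#           meet the raised authentication level
#   10037 / 10038 - client side: an activation would be rejected by a hardened server
param(
    [int]$LookbackDays = 30   # constructed default window
)

$filter = @{
    LogName   = 'System'
    Id        = 10036, 10037, 10038
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$dcomEvents = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $dcomEvents) {
    Write-Output "No DCOM hardening compatibility events in the last $LookbackDays days."
} else {
    # One summary row per event ID, with a sample message so the affected
    # application, user and remote address can be read off directly.
    $dcomEvents |
        Group-Object Id |
        ForEach-Object {
            [pscustomobject]@{
                EventId = [int]$_.Name
                Side    = if ([int]$_.Name -eq 10036) { 'Server' } else { 'Client' }
                Count   = $_.Count
                Newest  = ($_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
                Sample  = ($_.Group | Select-Object -First 1).Message
            }
        } | Format-List
}

# Report the legacy override. After the March 2023 update the hardening can no
# longer be disabled, so a remaining value is a configuration leftover to clean
# up rather than an active exemption.
$overrideKey  = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$overrideName = 'RequireIntegrityActivationAuthenticationLevel'
$override = Get-ItemProperty -Path $overrideKey -Name $overrideName -ErrorAction SilentlyContinue

if ($null -ne $override) {
    Write-Output "$overrideName is set to $($override.$overrideName) under $overrideKey (no longer honoured; consider removing)."
} else {
    Write-Output "$overrideName is not set; DCOM hardening is enforced by default."
}
```

Run it with elevated rights on both DCOM servers and the clients that call them, since the server-side and client-side events land on different machines; any row in the summary points at a legacy application that will need a vendor update or replacement now that the hardening cannot be disabled.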