Skip to main content

Microsoft Monthly Security Update (April 2023)

Release Date: 12 Apr 2023 5966 Views

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserMedium Risk Medium RiskSecurity Restriction Bypass
Spoofing
Data Manipulation
 
WindowsMedium Risk Medium RiskRemote Code Execution
Information Disclosure
Denial of Service
Elevation of Privilege
Security Restriction Bypass
Spoofing

CVE-2023-28252

is being exploited in the wild.

The vulnerability can be exploited by using Windows CLFS driver to trigger elevation of privilege, but this CVE is required local access and it is rated as risk medium.

Extended Security Updates (ESU)Medium Risk Medium RiskRemote Code Execution
Information Disclosure
Denial of Service
Elevation of Privilege
Spoofing
Security Restriction Bypass
 
SQL ServerMedium Risk Medium RiskRemote Code Execution 
Microsoft OfficeMedium Risk Medium RiskRemote Code Execution
Spoofing
 
AzureMedium Risk Medium RiskSecurity Restriction Bypass
Information Disclosure
 
Microsoft DynamicsLow Risk Low RiskSpoofing 
Developer ToolsMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Information Disclosure
Spoofing
 
System CenterMedium Risk Medium RiskDenial of Service 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 8

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': Medium Risk


Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass
  • Data Manipulation

System / Technologies affected

  • Browser
  • Windows
  • Extended Security Updates (ESU)
  • SQL Server
  • Microsoft Office
  • Azure
  • Microsoft Dynamics
  • Developer Tools
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link