Microsoft Monthly Security Update (April 2023)

Release Date: 12 Apr 2023 4890 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserMedium Risk Medium RiskSecurity Restriction Bypass
Spoofing
Data Manipulation		 
WindowsMedium Risk Medium RiskRemote Code Execution
Information Disclosure
Denial of Service
Elevation of Privilege
Security Restriction Bypass
Spoofing

CVE-2023-28252

is being exploited in the wild.

The vulnerability can be exploited by using Windows CLFS driver to trigger elevation of privilege, but this CVE is required local access and it is rated as risk medium.

Extended Security Updates (ESU)Medium Risk Medium RiskRemote Code Execution
Information Disclosure
Denial of Service
Elevation of Privilege
Spoofing
Security Restriction Bypass		 
SQL ServerMedium Risk Medium RiskRemote Code Execution 
Microsoft OfficeMedium Risk Medium RiskRemote Code Execution
Spoofing		 
AzureMedium Risk Medium RiskSecurity Restriction Bypass
Information Disclosure		 
Microsoft DynamicsLow Risk Low RiskSpoofing 
Developer ToolsMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Information Disclosure
Spoofing		 
System CenterMedium Risk Medium RiskDenial of Service 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 8

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': Medium Risk

Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass
  • Data Manipulation

System / Technologies affected

  • Browser
  • Windows
  • Extended Security Updates (ESU)
  • SQL Server
  • Microsoft Office
  • Azure
  • Microsoft Dynamics
  • Developer Tools
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftDenial of ServiceElevation of PrivilegeRemote Code ExecutionSecurity Restriction BypassInformation DisclosureData ManipulationSpoofingExploit In The Wild

Share with

Previous

Mozilla Products Multiple Vulnerabilities

12 Apr 2023 3993 Views

Next

Adobe Monthly Security Update (April 2023)

12 Apr 2023 4805 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY