Microsoft Addresses Zero-Day Vulnerability in April 2023 Patch Tuesday

April 11, 2023 — Microsoft has released its April 2023 Patch Tuesday security updates, addressing a total of 97 Common Vulnerabilities and Exposures (CVEs), including a high-severity zero-day vulnerability and a critical remote code execution vulnerability in Windows Pragmatic General Multicast (PGM).

The zero-day, CVE-2023-28252, is an elevation of privilege (EoP) vulnerability in the Windows Common Log File System (CLFS) driver, a general-purpose logging subsystem used by both kernel-mode and user-mode components. It was exploited in the wild before the fix shipped and carries a CVSSv3 base score of 7.8 (high). Successful exploitation lets a local, low-privileged attacker run code as SYSTEM; as a local EoP it is a post-compromise step, typically chained after initial access obtained through some other vector.

In addition to the zero-day, Microsoft fixed CVE-2023-28250, a remote code execution vulnerability in Windows Pragmatic General Multicast (PGM). It is rated critical with a CVSSv3 base score of 9.8, reflecting that it is reachable over the network without authentication or user interaction. PGM is a reliable multicast transport; a crafted PGM message could allow an attacker to execute arbitrary code on the affected system. Microsoft's advisory notes that the Windows Message Queuing (MSMQ) service must be enabled for a host to be exploitable, so hosts with MSMQ installed and listening (TCP port 1801) should be patched first.

According to Tenable’s blog, the April update also includes patches for:

  • .NET Core
  • Azure Machine Learning
  • Azure Service Connector
  • Microsoft Bluetooth Driver
  • Microsoft Defender for Endpoint
  • Microsoft Dynamics
  • Microsoft Dynamics 365 Customer Voice
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Message Queuing
  • Microsoft Office
  • Microsoft Office Publisher
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft PostScript Printer Driver
  • Microsoft Printer Drivers
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows DNS
  • Visual Studio
  • Visual Studio Code
  • Windows Active Directory
  • Windows ALPC
  • Windows Ancillary Function Driver for WinSock
  • Windows Boot Manager
  • Windows Clip Service
  • Windows CNG Key Isolation Service
  • Windows Common Log File System Driver
  • Windows DHCP Server
  • Windows Enroll Engine
  • Windows Error Reporting
  • Windows Group Policy
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kerberos
  • Windows Kernel
  • Windows Layer 2 Tunneling Protocol
  • Windows Lock Screen
  • Windows Netlogon
  • Windows Network Address Translation (NAT)
  • Windows Network File System
  • Windows Network Load Balancing
  • Windows NTLM
  • Windows PGM
  • Windows Point-to-Point Protocol over Ethernet (PPPoE)
  • Windows Point-to-Point Tunneling Protocol
  • Windows Raw Image Extension
  • Windows RDP Client
  • Windows Registry
  • Windows RPC API
  • Windows Secure Boot
  • Windows Secure Channel
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows Transport Security Layer (TLS)
  • Windows Win32K

Microsoft is urging users and administrators to apply the security updates as soon as possible, prioritising the actively exploited CLFS flaw and any host exposing MSMQ. Patch Tuesday updates are released monthly and provide security fixes for a wide range of Microsoft products.
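The following PowerShell script is an added triage example, not code from the original article or from Microsoft: it checks whether a host meets the MSMQ precondition for CVE-2023-28250 and whether any update has been installed since the April 11, 2023 release. It assumes the MSMQ optional feature is named `MSMQ-Server` (the client feature name; Server SKUs may differ) and infers patch status from hotfix install dates rather than a specific KB number, since KB numbers vary by Windows version.

```powershell
# Added exposure check for the April 2023 Patch Tuesday (not from the original article).
# Assumptions, labelled:
#  - Microsoft's advisory for CVE-2023-28250 states the Message Queuing (MSMQ) service
#    must be enabled for a host to be exploitable; MSMQ listens on TCP 1801.
#  - Patch presence is inferred from hotfix InstalledOn dates on/after 2023-04-11,
#    not from a KB number (KB numbers differ per Windows version; look yours up).
#  - Feature name 'MSMQ-Server' is the client optional-feature name (assumption).
# Run from an elevated PowerShell prompt on the host under review.

$patchTuesday = Get-Date -Year 2023 -Month 4 -Day 11

$result = [ordered]@{
    Host            = $env:COMPUTERNAME
    OSBuild         = (Get-CimInstance Win32_OperatingSystem).BuildNumber
    MsmqFeature     = $null
    MsmqService     = $null
    Port1801Listen  = $false
    PatchesSinceApr = @()
}

# 1. Is the MSMQ optional feature installed? (precondition for CVE-2023-28250 exposure)
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'MSMQ-Server' -ErrorAction SilentlyContinue
$result.MsmqFeature = if ($feature) { $feature.State } else { 'NotPresent' }

# 2. Is the MSMQ service present and running?
$svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
$result.MsmqService = if ($svc) { $svc.Status } else { 'NotInstalled' }

# 3. Is anything listening on TCP 1801 (MSMQ's port)?
$listen = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue
$result.Port1801Listen = [bool]$listen

# 4. Which hotfixes were installed on or after 2023-04-11?
$result.PatchesSinceApr = @(Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday } |
    Select-Object -ExpandProperty HotFixID)

[pscustomobject]$result | Format-List

# Triage rule: MSMQ running + port 1801 listening + no update since April 11 = patch first.
if ($result.MsmqService -eq 'Running' -and $result.Port1801Listen -and $result.PatchesSinceApr.Count -eq 0) {
    Write-Warning "MSMQ is reachable and no update since 2023-04-11 is recorded: prioritise CVE-2023-28250."
}
elseif ($result.PatchesSinceApr.Count -eq 0) {
    Write-Warning "No update since 2023-04-11 recorded: CVE-2023-28252 (local EoP) is still unpatched here."
}
```

A hotfix dated after April 11 only shows that some update was applied; confirm the specific cumulative update for your Windows build against the Microsoft Update Catalog before closing the ticket. The MSMQ check is a precondition test, not proof of exploitability, and hosts that fail it still need the CLFS fix.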