Microsoft has released its April 2023 Patch Tuesday security updates, which fix a total of 97 flaws, including one actively exploited zero-day vulnerability. Seven of these vulnerabilities are classified as 'Critical' because they allow remote code execution, which is considered the most serious type of vulnerability. The number of bugs in each vulnerability category is listed in the article. This count does not include seventeen Microsoft Edge vulnerabilities fixed on April 6th.
This month's Patch Tuesday addresses one zero-day vulnerability actively exploited in attacks. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. The actively exploited zero-day vulnerability in today's updates is CVE-2023-28252, the Windows Common Log File System Driver Elevation of Privilege Vulnerability. The update fixes a flaw in the Windows CLFS driver that lets an attacker elevate privileges to SYSTEM, the highest user privilege level in Windows. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," reads Microsoft's advisory. The vulnerability was discovered by Genwei Jiang with Mandiant and Quan Jin with DBAPPSecurity WeBin Lab.
Today's updates also fix remote code execution vulnerabilities in Microsoft Office, Word, and Publisher that, while not actively exploited, can be exploited simply by opening malicious documents. These vulnerabilities are tracked as CVE-2023-28285, CVE-2023-28295, CVE-2023-28287, and CVE-2023-28311. As these types of vulnerabilities are valuable in phishing campaigns, threat actors will likely attempt to discover how they can be exploited for use in malware distribution campaigns. Therefore, it is strongly recommended that Microsoft Office users install today's security updates as soon as possible.
Other vendors who released updates in April 2023 are also mentioned in the article. A complete list of resolved vulnerabilities in the April 2023 Patch Tuesday updates is provided, and the full description of each vulnerability and the systems it affects can be viewed in the full report.