Microsoft Security Bulletin Coverage for April 2023

The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2023. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2023-21554 Microsoft Message Queuing Remote Code Execution Vulnerability
IPS 3699: Microsoft Message Queuing RCE (CVE-2023-21554)

CVE-2023-24912 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 436: Exploit-exe exe.MP_315

CVE-2023-28218 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
ASPY 437: Exploit-exe exe.MP_316

CVE-2023-28219 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
IPS 3701: Windows L2TP Handling RCE (CVE-2023-28219)

CVE-2023-28220 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
IPS 18418: Windows L2TP Handling RCE (CVE-2023-28220)

CVE-2023-28266 Windows Common Log File System Driver Information Disclosure Vulnerability
ASPY 433: Exploit-exe exe.MP_313

CVE-2023-28274 Windows Win32k Elevation of Privilege Vulnerability
ASPY 434: Exploit-exe exe.MP_314

CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
This CVE is used in ransomware attacks, which are covered by GAV:Nokoyawa.RSM

Adobe Coverage:
CVE-2023-26417 Acrobat Reader arbitrary code execution
ASPY 438: Malformed-pdf pdf.MP_509

CVE-2023-26406 Acrobat Reader security feature bypass
ASPY 435: Malicious-js js.MP_28

The following vulnerabilities do not have exploits in the wild:
CVE-2023-21727 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-21729 Remote Procedure Call Runtime Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-21769 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-23375 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23384 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24860 Microsoft Defender Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-24883 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24884 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24885 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24886 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24887 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24893 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24914 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24924 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24925 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24926 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24927 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24928 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24929 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24931 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28216 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28217 Windows Network Address Translation (NAT) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28221 Windows Error Reporting Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28222 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28223 Windows Domain Name Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28224 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28225 Windows NTLM Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28226 Windows Enroll Engine Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28227 Windows Bluetooth Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28228 Windows Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-28229 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28232 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28233 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28234 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28235 Windows Lock Screen Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28236 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28237 Windows Kernel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28238 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28240 Windows Network Load Balancing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28241 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28243 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28244 Windows Kerberos Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28246 Windows Registry Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28247 Windows Network File System Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28248 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28249 Windows Boot Manager Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28250 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28251 Windows Driver Revocation List Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28253 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28254 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28255 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28256 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28260 .NET DLL Hijacking Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28262 Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28263 Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28267 Remote Desktop Protocol Client Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28268 Netlogon RPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28269 Windows Boot Manager Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28270 Windows Lock Screen Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28271 Windows Kernel Memory Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28272 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28273 Windows Clip Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28275 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28276 Windows Group Policy Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28277 Windows DNS Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28278 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28285 Microsoft Office Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28287 Microsoft Publisher Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28288 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-28291 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28292 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28293 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28295 Microsoft Publisher Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28296 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28297 Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28298 Windows Kernel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28299 Visual Studio Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-28300 Azure Service Connector Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28302 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28304 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28305 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28306 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28307 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28308 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28309 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-28311 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28313 Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-28314 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
