SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2023. A list of issues reported, along with SonicWall coverage information, is as follows:
CVE-2023-21554 Microsoft Message Queuing Remote Code Execution Vulnerability
IPS 3699: Microsoft Message Queuing RCE (CVE-2023-21554)
CVE-2023-24912 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 436: Exploit-exe exe.MP_315
CVE-2023-28218 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
ASPY 437: Exploit-exe exe.MP_316
CVE-2023-28219 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
IPS 3701: Windows L2TP Handling RCE (CVE-2023-28219)
CVE-2023-28220 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
IPS 18418: Windows L2TP Handling RCE (CVE-2023-28220)
CVE-2023-28266 Windows Common Log File System Driver Information Disclosure Vulnerability
ASPY 433: Exploit-exe exe.MP_313
CVE-2023-28274 Windows Win32k Elevation of Privilege Vulnerability
ASPY 434: Exploit-exe exe.MP_314
CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
This CVE is used in ransomware attacks which is covered by GAV:Nokoyawa.RSM
Adobe Coverage:
CVE-2023-26417 Acrobat Reader arbitrary code execution
ASPY 438: Malformed-pdf pdf.MP_509
CVE-2023-26406 Acrobat Reader security feature bypass
ASPY 435: Malicious-js js.MP_28
The following vulnerabilities do not have exploits in the wild :
CVE-2023-21727 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-21729 Remote Procedure Call Runtime Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-21769 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-23375 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23384 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24860 Microsoft Defender Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-24883 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24884 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24885 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24886 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24887 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24893 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24914 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24924 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24925 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24926 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24927 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24928 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24929 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24931 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28216 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28217 Windows Network Address Translation (NAT) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28221 Windows Error Reporting Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28222 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28223 Windows Domain Name Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28224 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28225 Windows NTLM Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28226 Windows Enroll Engine Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28227 Windows Bluetooth Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28228 Windows Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-28229 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28232 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28233 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28234 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28235 Windows Lock Screen Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28236 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28237 Windows Kernel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28238 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28240 Windows Network Load Balancing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28241 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28243 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28244 Windows Kerberos Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28246 Windows Registry Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28247 Windows Network File System Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28248 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28249 Windows Boot Manager Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28250 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28251 Windows Driver Revocation List Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28253 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28254 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28255 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28256 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28260 .NET DLL Hijacking Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28262 Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28263 Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28267 Remote Desktop Protocol Client Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28268 Netlogon RPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28269 Windows Boot Manager Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28270 Windows Lock Screen Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28271 Windows Kernel Memory Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28272 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28273 Windows Clip Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28275 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28276 Windows Group Policy Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28277 Windows DNS Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28278 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28285 Microsoft Office Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28287 Microsoft Publisher Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28288 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-28291 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28292 Raw Image Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28293 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28295 Microsoft Publisher Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28296 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28297 Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-28298 Windows Kernel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28299 Visual Studio Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-28300 Azure Service Connector Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-28302 Microsoft Message Queuing Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-28304 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28305 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28306 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28307 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28308 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28309 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-28311 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-28313 Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-28314 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.