Microsoft Releases April 2023 Patch Tuesday Updates for Windows 11 and Windows 10
Microsoft has released today the April 2023 Patch Tuesday updates for Windows 11 and Windows 10. This month, Microsoft fixed 97 vulnerabilities in Windows and other components, with one of them being already exploited by attackers.
On the quality and experience updates front, Microsoft is making the new Windows Local Administrator Password Solution (LAPS) an inbox feature on Windows 11, Windows 10, and Windows Server 2019 or newer. The feature is now natively integrated and will be serviced via the normal Windows patching process.
Let’s start with the long list of security flaws Microsoft released this month, which includes a good amount of remote code execution vulnerabilities.
97vulnerabilities fixed in the March Patch Tuesday updates
Among the 97 security vulnerabilities addressed with the April 2023 Patch Tuesday updates, 7 are rated “Critical” and the rest are rated “Important.” The Zero Day Initiative also pointed out that none of the bugs disclosed during the recent Pwn2Own Vancouver are being addressed with these updates.
Here are the most important patches you should know about this month:
- CVE-2023-28252: This is a Windows Common Log File System Driver Elevation of Privilege Vulnerability that’s already being exploited by attackers to gain SYSTEM privileges.
- CVE-2023-28231: This DHCP Server Service Remote Code Execution Vulnerability can be exploited by an authenticated attacker using a specially crafted RPC call to the DHCP service.
- CVE-2023-28219: This Layer 2 Tunneling Protocol Remote Code Execution Vulnerability requires an unauthenticated attacker to send a specially crafted connection request to a RAS server.
- CVE-2023-21554: This Microsoft Message Queuing Remote Code Execution Vulnerability can be exploited by an attacker sending a specially crafted malicious MSMQ packet to an MSMQ server.
- CVE-2023-28291: This Raw Image Extension Remote Code Execution Vulnerability requires an attacker or victim to execute a specially crafted application or file from the local machine to take control of the system.
- CVE-2023-28232: This Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability could be triggered when a user connects a Windows client to a malicious server.
Here’s the full list of patches Microsoft released this month:
| Product | Impact | Max Severity | Article | Download | Details |
| Windows 10 Version 20H2 for ARM64-based Systems | Information Disclosure | Important | 5025221 | Security Update | CVE-2023-21729 |
| Windows 10 Version 20H2 for 32-bit Systems | Information Disclosure | Important | 5025221 | Security Update | CVE-2023-21729 |
| Windows 10 Version 20H2 for x64-based Systems | Information Disclosure | Important | 5025221 | Security Update | CVE-2023-21729 |
| Windows Server 2022 (Server Core installation) | Information Disclosure | Important | 5025230 | Security Update | CVE-2023-21729 |
| Windows Server 2022 | Information Disclosure | Important | 5025230 | Security Update | CVE-2023-21729 |
| Windows Server 2019 (Server Core installation) | Information Disclosure | Important | 5025229 | Security Update | CVE-2023-21729 |
| Windows Server 2019 | Information Disclosure | Important | 5025229 | Security Update | CVE-2023-21729 |
| Windows 10 Version 1809 for ARM64-based Systems | Information Disclosure | Important | 5025229 | Security Update | CVE-2023-21729 |
| Windows 10 Version 1809 for x64-based Systems | Information Disclosure | Important | 5025229 | Security Update | CVE-2023-21729 |
| Windows 10 Version 1809 for 32-bit Systems | Information Disclosure | Important | 5025229 | Security Update | CVE-2023-21729 |
| Microsoft ODBC Driver 18 for SQL Server | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-28304 |
| Microsoft OLE DB Driver 19 for SQL Server | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-28304 |
| Microsoft OLE DB Driver 18 for SQL Server | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-28304 |
| Microsoft ODBC Driver 17 for SQL Server | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-28304 |
| Azure Service Connector | Security Feature Bypass | Important | Release Notes | Security Update | CVE-2023-28300 |
| Raw Image Extension | Remote Code Execution | Important | Update Information | Security Update | CVE-2023-28292 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5025285 | Monthly Rollup | CVE-2023-21729 |
| Windows Server 2012 R2 (Server Core installation) | Information Disclosure | Important | 5025288 | Security Only | CVE-2023-21729 |
| Windows Server 2012 R2 | Information Disclosure | Important | 5025285 | Monthly Rollup | CVE-2023-21729 |
| Windows Server 2012 R2 | Information Disclosure | Important | 5025288 | Security Only | CVE-2023-21729 |
| Windows Server 2012 (Server Core installation) | Information Disclosure | Important | 5025287 | Monthly Rollup | CVE-2023-21729 |
| Windows Server 2012 (Server Core installation) | Information Disclosure | Important | 5025272 | Security Only | CVE-2023-21729 |
| Windows Server 2012 | Information Disclosure | Important | 5025287 | Monthly Rollup | CVE-2023-21729 |
| Windows Server 2012 | Information Disclosure | Important | 5025272 | Security Only | CVE-2023-21729 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Information Disclosure | Important | 5025279 | Monthly Rollup | CVE-2023-21729 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Information Disclosure | Important | 5025277 | Security Only | CVE-2023-21729 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Information Disclosure | Important | 5025279 | Monthly Rollup | CVE-2023-21729 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Information Disclosure | Important | 5025277 | Security Only | CVE-2023-21729 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5025271 | Monthly Rollup | CVE-2023-21729 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5025273 | Security Only | CVE-2023-21729 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Information Disclosure | Important | 5025271 | Monthly Rollup | CVE-2023-21729 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Information Disclosure | Important | 5025273 | Security Only | CVE-2023-21729 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5025271 | Monthly Rollup | CVE-2023-21729 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Information Disclosure | Important | 5025273 | Security Only | CVE-2023-21729 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Information Disclosure | Important | 5025271 | Monthly Rollup | CVE-2023-21729 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Information Disclosure | Important | 5025273 | Security Only | CVE-2023-21729 |
| Windows Server 2016 (Server Core installation) | Information Disclosure | Important | 5025228 | Security Update | CVE-2023-21729 |
| Windows Server 2016 | Information Disclosure | Important | 5025228 | Security Update | CVE-2023-21729 |
| Windows 10 Version 1607 for x64-based Systems | Information Disclosure | Important | 5025228 | Security Update | CVE-2023-21729 |
| Windows 10 Version 1607 for 32-bit Systems | Information Disclosure | Important | 5025228 | Security Update | CVE-2023-21729 |
| Windows 10 for x64-based Systems | Information Disclosure | Important | 5025234 | Security Update | CVE-2023-21729 |
| Windows 10 for 32-bit Systems | Information Disclosure | Important | 5025234 | Security Update | CVE-2023-21729 |
| Windows 10 Version 22H2 for 32-bit Systems | Information Disclosure | Important | 5025221 | Security Update | CVE-2023-21729 |
| Windows 10 Version 22H2 for ARM64-based Systems | Information Disclosure | Important | 5025221 | Security Update | CVE-2023-21729 |
| Windows 10 Version 22H2 for x64-based Systems | Information Disclosure | Important | 5025221 | Security Update | CVE-2023-21729 |
| Windows 11 Version 22H2 for x64-based Systems | Information Disclosure | Important | 5025239 | Security Update | CVE-2023-21729 |
| Windows 11 Version 22H2 for ARM64-based Systems | Information Disclosure | Important | 5025239 | Security Update | CVE-2023-21729 |
| Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5025221 | Security Update | CVE-2023-21729 |
| Windows 10 Version 21H2 for ARM64-based Systems | Information Disclosure | Important | 5025221 | Security Update | CVE-2023-21729 |
| Windows 10 Version 21H2 for 32-bit Systems | Information Disclosure | Important | 5025221 | Security Update | CVE-2023-21729 |
| Windows 11 version 21H2 for ARM64-based Systems | Information Disclosure | Important | 5025224 | Security Update | CVE-2023-21729 |
| Windows 11 version 21H2 for x64-based Systems | Information Disclosure | Important | 5025224 | Security Update | CVE-2023-21729 |
| Send Customer Voice survey from Dynamics 365 | Spoofing | Important | Release Notes | Security Update | CVE-2023-28313 |
| Azure Machine Learning | Information Disclosure | Important | Release Notes | Security Update | CVE-2023-28312 |
| Microsoft Office 2019 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-28287 |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-28287 |
| Microsoft Publisher 2013 Service Pack 1 RT | Remote Code Execution | Important | 5002213 | Security Update | CVE-2023-28287 |
| Microsoft Office 2019 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-28287 |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-28287 |
| Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-28287 |
| Microsoft Office LTSC 2021 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-28287 |
| Visual Studio Code | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-24893 |
| Microsoft Dynamics 365 (on-premises) version 9.1 | Spoofing | Important | XXXXXXX | Security Update | CVE-2023-28314 |
| Microsoft Dynamics 365 (on-premises) version 9.0 | Spoofing | Important | XXXXXXX | Security Update | CVE-2023-28314 |
| Microsoft Visual Studio 2022 version 17.5 | Spoofing | Important | Release Notes | Security Update | CVE-2023-28299 |
| Microsoft Visual Studio 2022 version 17.0 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-28260 |
| Microsoft Visual Studio 2022 version 17.2 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-28260 |
| Microsoft Visual Studio 2022 version 17.4 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-28260 |
| Microsoft Office LTSC for Mac 2021 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-28311 |
| Microsoft Office 2019 for Mac | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-28311 |
| Microsoft Publisher 2016 (32-bit edition) | Remote Code Execution | Important | 5002221 | Security Update | CVE-2023-28295 |
| Microsoft Publisher 2013 Service Pack 1 (64-bit editions) | Remote Code Execution | Important | 5002213 | Security Update | CVE-2023-28295 |
| Microsoft Publisher 2013 Service Pack 1 (32-bit editions) | Remote Code Execution | Important | 5002213 | Security Update | CVE-2023-28295 |
| Microsoft Publisher 2016 (64-bit edition) | Remote Code Execution | Important | 5002221 | Security Update | CVE-2023-28295 |
| Windows 11 version 21H2 for ARM64-based Systems | Denial of Service | Important | 5025239 | Security Update | CVE-2023-28302 |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Spoofing | Important | Release Notes | Security Update | CVE-2023-28299 |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) | Spoofing | Important | Release Notes | Security Update | CVE-2023-28299 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022352 | Monthly Rollup | CVE-2023-28297 |
| Windows Server 2012 R2 (Server Core installation) | Elevation of Privilege | Important | 5022346 | Security Only | CVE-2023-28297 |
| Windows Server 2012 R2 | Elevation of Privilege | Important | 5022352 | Monthly Rollup | CVE-2023-28297 |
| Windows Server 2012 R2 | Elevation of Privilege | Important | 5022346 | Security Only | CVE-2023-28297 |
| Windows Server 2012 (Server Core installation) | Elevation of Privilege | Important | 5022348 | Monthly Rollup | CVE-2023-28297 |
| Windows Server 2012 (Server Core installation) | Elevation of Privilege | Important | 5022343 | Security Only | CVE-2023-28297 |
| Windows Server 2012 | Elevation of Privilege | Important | 5022348 | Monthly Rollup | CVE-2023-28297 |
| Windows Server 2012 | Elevation of Privilege | Important | 5022343 | Security Only | CVE-2023-28297 |
| Windows Server 2016 (Server Core installation) | Elevation of Privilege | Important | 5022289 | Security Update | CVE-2023-28297 |
| Windows Server 2016 | Elevation of Privilege | Important | 5022289 | Security Update | CVE-2023-28297 |
| Windows 10 Version 1607 for x64-based Systems | Elevation of Privilege | Important | 5022289 | Security Update | CVE-2023-28297 |
| Windows 10 Version 1607 for 32-bit Systems | Elevation of Privilege | Important | 5022289 | Security Update | CVE-2023-28297 |
| Windows 10 for x64-based Systems | Elevation of Privilege | Important | 5022297 | Security Update | CVE-2023-28297 |
| Windows 10 for 32-bit Systems | Elevation of Privilege | Important | 5022297 | Security Update | CVE-2023-28297 |
| Windows 10 Version 22H2 for 32-bit Systems | Elevation of Privilege | Important | 5022282 | Security Update | CVE-2023-28297 |
| Windows 10 Version 22H2 for ARM64-based Systems | Elevation of Privilege | Important | 5022282 | Security Update | CVE-2023-28297 |
| Windows 10 Version 22H2 for x64-based Systems | Elevation of Privilege | Important | 5022282 | Security Update | CVE-2023-28297 |
| Windows 11 Version 22H2 for x64-based Systems | Elevation of Privilege | Important | 5022303 | Security Update | CVE-2023-28297 |
| Windows 11 Version 22H2 for ARM64-based Systems | Elevation of Privilege | Important | 5022303 | Security Update | CVE-2023-28297 |
| Windows 10 Version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5022282 | Security Update | CVE-2023-28297 |
| Windows 10 Version 21H2 for ARM64-based Systems | Elevation of Privilege | Important | 5022282 | Security Update | CVE-2023-28297 |
| Windows 10 Version 21H2 for 32-bit Systems | Elevation of Privilege | Important | 5022282 | Security Update | CVE-2023-28297 |
| Windows 11 version 21H2 for ARM64-based Systems | Elevation of Privilege | Important | 5022287 | Security Update | CVE-2023-28297 |
| Windows 11 version 21H2 for x64-based Systems | Elevation of Privilege | Important | 5022287 | Security Update | CVE-2023-28297 |
| Windows 10 Version 20H2 for ARM64-based Systems | Elevation of Privilege | Important | 5022282 | Security Update | CVE-2023-28297 |
| Windows 10 Version 20H2 for 32-bit Systems | Elevation of Privilege | Important | 5022282 | Security Update | CVE-2023-28297 |
| Windows 10 Version 20H2 for x64-based Systems | Elevation of Privilege | Important | 5022282 | Security Update | CVE-2023-28297 |
| Windows Server 2022 (Server Core installation) | Elevation of Privilege | Important | 5022291 | Security Update | CVE-2023-28297 |
| Windows Server 2022 | Elevation of Privilege | Important | 5022291 | Security Update | CVE-2023-28297 |
| Windows Server 2019 (Server Core installation) | Elevation of Privilege | Important | 5022286 | Security Update | CVE-2023-28297 |
| Windows Server 2019 | Elevation of Privilege | Important | 5022286 | Security Update | CVE-2023-28297 |
| Windows 10 Version 1809 for ARM64-based Systems | Elevation of Privilege | Important | 5022286 | Security Update | CVE-2023-28297 |
| Windows 10 Version 1809 for x64-based Systems | Elevation of Privilege | Important | 5022286 | Security Update | CVE-2023-28297 |
| Windows 10 Version 1809 for 32-bit Systems | Elevation of Privilege | Important | 5022286 | Security Update | CVE-2023-28297 |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | Spoofing | Important | 5002383 | Security Update | CVE-2023-28288 |
| Microsoft SharePoint Server Subscription Edition | Spoofing | Important | 5002375 | Security Update | CVE-2023-28288 |
| Microsoft SharePoint Server 2019 | Spoofing | Important | 5002373 | Security Update | CVE-2023-28288 |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | Spoofing | Important | 5002381 | Cumulative Update | CVE-2023-28288 |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | Spoofing | Important | 5002383 | Security Update | CVE-2023-28288 |
| Microsoft SharePoint Enterprise Server 2016 | Spoofing | Important | 5002385 | Security Update | CVE-2023-28288 |
| .NET 7.0 | Remote Code Execution | Important | 5025916 | Security Update | CVE-2023-28260 |
| .NET 6.0 | Remote Code Execution | Important | 5025915 | Security Update | CVE-2023-28260 |
| Remote Desktop client for Windows Desktop | Information Disclosure | Important | Release Notes | Security Update | CVE-2023-28267 |
| Microsoft Malware Protection Engine | Denial of Service | Important | Security Update | CVE-2023-24860 | |
| Microsoft SQL Server 2022 for x64-based Systems (GDR) | Remote Code Execution | Important | 5021522 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2019 for x64-based Systems (CU 18) | Remote Code Execution | Important | 5021124 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | Remote Code Execution | Important | 5021126 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connectivity Pack | Remote Code Execution | Important | 5021128 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | Remote Code Execution | Important | 5021129 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU 4) | Remote Code Execution | Important | 5021045 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | Remote Code Execution | Important | 5021125 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) | Remote Code Execution | Important | 5021045 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) | Remote Code Execution | Important | 5021037 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) | Remote Code Execution | Important | 5021037 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE) | Remote Code Execution | Important | 5020863 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE) | Remote Code Execution | Important | 5021112 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE) | Remote Code Execution | Important | 5021112 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | Remote Code Execution | Important | 5021127 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) | Remote Code Execution | Important | 5021123 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE) | Remote Code Execution | Important | 5021123 | Security Update | CVE-2023-23384 |
| Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE) | Remote Code Execution | Important | 5020863 | Security Update | CVE-2023-23384 |
Quality and experiences updates
With the April 2023 Patch Tuesday updates, Microsoft’s Local Administrator Password Solution (LAPS) is now natively integrated into Windows. This affects Windows 11 and Windows 10 Pro, EDU, and Enterprise, Windows Server 2022 and Windows Server Core 2022, as well as Windows Server 2019.
The new built-in Windows LAPS also adds support for Azure Active Directory in private preview. Moreover, there are a couple of new capabilities for on-premises Active Directory scenarios, as well as new features for both Azure AD and on-premises AD scenarios. You can more details about what’s new in this article.
On Windows 11 version 22H2, this month’s KB5025239 patch will make the search box on the taskbar look slightly lighter when using custom color mode. This will be especially noticeable if you set Windows mode to dark and app mode to light on your PC.
Lastly, Microsoft has also fixed the following bugs in this patch:
- USB printers are no longer classified as multimedia devices.
- Microsoft Narrator can now read dropdown lists in Excel.
- PowerPoint will no longer become unresponsive when using accessibility tools.
- NotePad will now show the combo box with all options in Settings.
On Windows 10 versions 20H2, 21H2, and 22H2, the KB5025221 patch addresses a known issue with kiosk device profiles which caused devices where automatic logon is enabled to not work. As mentioned above, this update also adds the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature.
Windows Update testing and best practices
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.