Microsoft Patch Tuesday April 2023: CLFS EoP, Word RCE, MSMQ QueueJumper RCE, PCL6, DNS, DHCP

Hello everyone! This episode will be about Microsoft Patch Tuesday for April 2023, including vulnerabilities that were added between March and April Patch Tuesdays. Compared to my first impressions , Microsoft Word RCE (CVE-2023-28311) with an exploit and Windows Pragmatic General Multicast (PGM) RCE (CVE-2023-28250) similar to MSMQ QueueJumper RCE have been added. I also added a lot of Windows DNS Server RCEs, but it’s hard to say anything specific about them. Critical 00:50 Elevation of Privilege - Windows Common Log File System Driver (CVE-2023-28252) 01:44 Remote Code Execution - Microsoft Word (CVE-2023-28311) Other 02:18 Remote Code Execution - Microsoft Message Queuing (CVE-2023-21554) (QueueJumper) 03:17 Remote Code Execution - Windows Pragmatic General Multicast (PGM) (CVE-2023-28250) 04:05 Lots of CVEs Remote Code Execution – Microsoft PostScript and PCL6 Class Printer Driver (CVE-2023-24884, CVE-2023-24885, CVE-2023-24886, CVE-2023-24887, CVE-2023-24924, CVE-2023-24925, CVE-2023-24926, CVE-2023-24927, CVE-2023-24928, CVE-2023-24929, CVE-2023-28243) 04:24 Lots of CVEs Remote Code Execution – Windows DNS Server (CVE-2023-28254, CVE-2023-28255, CVE-2023-28256, CVE-2023-28278, CVE-2023-28305, CVE-2023-28306, CVE-2023-28307, CVE-2023-28308) 04:32 Remote Code Execution - DHCP Server Service (CVE-2023-28231) Blogpost: #QueueJumper #PatchTuesday #Microsoft #CLFS #CyberCentral #DHCP #DNS #EoP #MSWord #MSMQ #PCL6 #RCE