Patch Tuesday April 2023

Jordan Hammond|April 11, 2023

It’s the first Patch Tuesday of spring, and I have the greatest (or most terrible?) collaboration of all time at my fingertips. I am, of course, referring to Peeps-flavored Pepsi. Full disclosure: I bought some of this bizarre beverage in preparation for this article. And I can confirm that it is the perfect representation of this month’s Patch Tuesday: it’s extreme, it’s terrible, and it should apologize for its very existence. JUST...LIKE...PEEPS...PEPSI!

  • Total exploits patched: 97

  • Critical patches: 7

  • Already known or exploited: 1

Two of these exploits are a 9.8, which is always a bad time. Anyway, now that I’ve pulled some muscles on that stretch, let’s dive into the lowlights.

Some highlights (or lowlights)

  • CVE-2023-21554: This exploit is a 9.8 on the CVSS. It is a remote code execution vulnerability impacting Microsoft Message Queuing. It has a network attack vector and does not require user interaction. That’s all terrible news, but luckily it does require a Windows component named Message Queuing, which is not on by default. You can check to see if your computer has that service running. In PowerShell that looks like this:

    Get-Service "MSMQ" -ErrorAction SilentlyContinue | Select Status

  • CVE-2023-28250: This is the second and final 9.8 listed this month. It impacts Windows Pragmatic General Multicast and has all the same markers as the previous example. In fact, the exact same PowerShell script will track if you are at risk or not. It’s nice when the worst of these exploits can get bundled up all nice and clean like this.

  • CVE-2023-28252: The last exploit we are going to cover is rated as a 7.8. It is an Elevation of Privilege on the Windows Common Log File System. It does not require any user interaction to run, but it does have a local attack vector, which limits who would be able to exploit this vulnerability. I mention this one because it has already been exploited in the wild, and it allows the attacker to get system privileges on the machine, so this is for sure one we want to get patched.
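
The MSMQ service check from the CVE-2023-21554 and CVE-2023-28250 items above, as an added example that is not part of the original article or PDQ's tooling. It runs the check across a list of machines and keeps "not installed" distinct from "could not be queried", which a silenced error would otherwise hide. The function name Get-MsmqExposure and the host name PC-EXAMPLE-01 are assumptions.

```powershell
# Added example: report the MSMQ service state per machine.
# Get-MsmqExposure and the sample host name are hypothetical.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    process {
        foreach ($computer in $ComputerName) {
            $result = [ordered]@{
                ComputerName = $computer
                Installed    = $null
                State        = $null
                StartMode    = $null
                AtRisk       = $null
                Error        = $null
            }
            try {
                $query = @{
                    ClassName   = 'Win32_Service'
                    Filter      = "Name='MSMQ'"
                    ErrorAction = 'Stop'
                }
                # Query the local machine directly so it does not need WinRM.
                if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
                $svc = Get-CimInstance @query

                $result.Installed = [bool]$svc
                if ($svc) {
                    $result.State     = $svc.State
                    $result.StartMode = $svc.StartMode
                }
                # Same criterion as the one-liner: the service is running.
                $result.AtRisk = ($svc -and $svc.State -eq 'Running')
            }
            catch {
                # Unreachable or access denied: status unknown, not "safe".
                $result.Error = $_.Exception.Message
            }
            [pscustomobject]$result
        }
    }
}

# Constructed host name for illustration.
Get-MsmqExposure -ComputerName $env:COMPUTERNAME, 'PC-EXAMPLE-01' |
    Format-Table -AutoSize
```

Rows with a populated Error column have AtRisk left empty and need a follow-up check rather than being counted as clear.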

Wrapping up

That wraps up the latest Patch Tuesday, and while we have an improvement over last month, nearing 100 exploits is never ideal. One interesting outlier is that all the worst exploits can be tracked by the exact same thing — how nice of hackers to simplify things for us this month. But any way you look at it, the need to patch is not going away. So automating your updates can help you recover a lot of your time.

PDQ Deploy and PDQ Inventory are great for your automation. These tools will even help you run the PowerShell needed to see if your machines are at risk for this month. If you are looking to up your automation and even add a little reporting, check out this episode of the PDQ LIVE webcast, where we take a deeper dive into tracking which machines need to be patched.

Jordan Hammond

Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet.