QID 92007

Date Published: 2023-04-12

QID 92007: Microsoft Windows Message Queuing Multiple Vulnerabilities (April 2023)

Microsoft Windows Security Update - April 2023

CVE-2023-21554: Microsoft Message Queuing Remote Code Execution Vulnerability CVE-2023-28250: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Operating Systems: The KB Articles associated with the update:
The patch version is 10.0.19041.2846 KB5025221
The patch version is 10.0.20348.1668 KB5025230
The patch version is 10.0.17763.4252 KB5025229
The patch version is 6.3.9600.20919 KB5025285
The patch version is 6.3.9600.20919 KB5025288
The patch version is 6.2.9200.24216 KB5025287
The patch version is 6.2.9200.24216 KB5025272
The patch version is 6.1.7601.26465 KB5025279
The patch version is 6.1.7601.26465 KB5025277
The patch version is 6.0.6003.22015 KB5025271
The patch version is 6.0.6003.22015 KB5025273
The patch version is 10.0.14393.5850 KB5025228
The patch version is 10.0.10240.19869 KB5025234
The patch version is 10.0.22621.1555 KB5025239
The patch version is 10.0.22000.1817 KB5025224
QID Detection Logic (Authenticated):

This QID checks for the file version of

Successful exploit could compromise Confidentiality, Integrity and Availability

CVSS V3 rated as Critical - 9.8 severity.

CVSS V2 rated as Critical - 9 severity.

Solution

Please refer to the following KB Articles associated with the update:
KB5025221
KB5025230
KB5025229
KB5025285
KB5025288
KB5025287
KB5025272
KB5025279
KB5025277
KB5025271
KB5025273
KB5025228
KB5025234
KB5025239
KB5025224

Vendor References

KB5025221 - support.microsoft.com/en-in/help/5025221
KB5025224 - support.microsoft.com/en-in/help/5025224
KB5025228 - support.microsoft.com/en-in/help/5025228
KB5025229 - support.microsoft.com/en-in/help/5025229
KB5025230 - support.microsoft.com/en-in/help/5025230
KB5025234 - support.microsoft.com/en-in/help/5025234
KB5025239 - support.microsoft.com/en-in/help/5025239
KB5025271 - support.microsoft.com/en-in/help/5025271
KB5025272 - support.microsoft.com/en-in/help/5025272
KB5025273 - support.microsoft.com/en-in/help/5025273
KB5025277 - support.microsoft.com/en-in/help/5025277
KB5025279 - support.microsoft.com/en-in/help/5025279
KB5025285 - support.microsoft.com/en-in/help/5025285
KB5025287 - support.microsoft.com/en-in/help/5025287
KB5025288 - support.microsoft.com/en-in/help/5025288

CVEs related to QID 92007

CVE-2023-21554 | CVE-2023-28250 |

Software Advisories

Advisory ID	Software	Component	Link
KB5025221			support.microsoft.com/en-in/help/5025221
KB5025224			support.microsoft.com/en-in/help/5025224
KB5025228			support.microsoft.com/en-in/help/5025228
KB5025229			support.microsoft.com/en-in/help/5025229
KB5025230			support.microsoft.com/en-in/help/5025230
KB5025234			support.microsoft.com/en-in/help/5025234
KB5025239			support.microsoft.com/en-in/help/5025239
KB5025271			support.microsoft.com/en-in/help/5025271
KB5025272			support.microsoft.com/en-in/help/5025272
KB5025273			support.microsoft.com/en-in/help/5025273
KB5025277			support.microsoft.com/en-in/help/5025277
KB5025279			support.microsoft.com/en-in/help/5025279
KB5025285			support.microsoft.com/en-in/help/5025285
KB5025287			support.microsoft.com/en-in/help/5025287
KB5025288			support.microsoft.com/en-in/help/5025288

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].