Windows 10: Microsoft Windows Security Updates April 2023: What you need to know before installation

It is the second Tuesday of April 2023, and that means that Microsoft has released security updates for Windows and other company products.

Security updates were released for Microsoft Windows, Office, Microsoft Edge and many other company products.

Our overview guides system administrators and home users. It lists the released updates and known issues, includes links to support articles and direct downloads, and provides information about other updates that Microsoft released on the April 2023 Patch Tuesday.

Click here to check out the March 2023 Microsoft Windows Patch Day overview in case you missed it.

Microsoft Windows Security Updates: April 2023


You can download the following Excel spreadsheet. It lists the released security updates of the April 2023 Microsoft Patch Day. Click on the following link to download it: Windows Security Updates April 2023

Executive Summary

• Microsoft released security updates for all supported client and server versions of Windows.
• Security updates were also released for .NET Core, Azure, Microsoft Office, Microsoft Defender for Endpoint, Microsoft Edge, Visual Studio and other company products.
• The following Windows client version have known issues: Windows 10 version 20H2, 21H2 and 22H2, Windows 11 version 21H2 and 22H2
• The following Windows server versions have known issues: Windows Server 2008, Windows Server 2008 R2, Windows Server 2019, Windows Server 2022

Operating System Distribution

• Windows 10 version 21H2 and 22H2: 56 vulnerabilities, 5 critical and 51 important.
  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability -- CVE-2023-28250
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-28232
  • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-28220
  • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-28219
  • Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-21554
• Windows 11 and Windows 11 version 22H2: 59 vulnerabilities, 5 critical and 54 important
  • same as Windows 10 version 22H2

Windows Server products

• Windows Server 2008 R2 (extended support only): 43 vulnerabilities: 6 critical and 37 important
  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability -- CVE-2023-28250
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-28232
  • DHCP Server Service Remote Code Execution Vulnerability -- CVE-2023-28231
  • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-28220
  • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-28219
  • Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-21554
• Windows Server 2012 R2: 62 vulnerabilities: 6 critical and 56 important
  • Same as Windows Server 2008 R2
• Windows Server 2016: 66 vulnerabilities: 6 critical and 60 important.
  • Same as Windows Server 2008 R2
• Windows Server 2019: 69 vulnerabilities: 6 critical and 63 important.
  • Same as Windows Server 2008 R2
• Windows Server 2022: 72 vulnerabilities: 6 critical and 66 important.
  • Same as Windows Server 2008 R2

Windows Security Updates


Windows 10 version 21H2 and 22H2

• Support Page: KB5025221

Updates and improvements:

• This update addresses security issues for your Windows operating system.
• It includes the optional updates released on March 21 as previews.

Windows 11 Release version

• Support Page: KB5025224

Updates and improvements:

• Implements "the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature on Pro, Edu and Enterprise editions. The feature is now integrated natively into Windows, and it allows administrators to manage the password of a local administrator account more efficiently using Active Directory. Additional information about the feature is available on Tech Community.
• Addresses a compatibility issue that is caused by "unsupported use of the registry" according to Microsoft. No additional information was provided.
• The update adds support for the Arab Republic of Egypt's daylight saving time change order for 2023.
• The update addresses an issue that affects kiosk device profiles.
• Includes the March Preview updates for Windows 11 version 21H2 as well.

Windows 11 version 22H2

• Support Page: KB5025239

Updates and improvements:

• Addresses a compatibility issue that is caused by "unsupported use of the registry" according to Microsoft. No additional information was provided.
• Implements "the new Windows Local Administrator Password Solution (LAPS) as a Windows inbox feature on Pro, Edu and Enterprise editions. The feature is now integrated natively into Windows, and it allows administrators to manage the password of a local administrator account more efficiently using Active Directory. Additional information about the feature is available on Tech Community.

Other security updates

Server

2023-04 Security Monthly Quality Rollup for Windows Server 2008 (KB5025271)

2023-04 Security Only Quality Update for Windows Server 2008 (KB5025273)

2023-04 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5025272)

2023-04 Security Only Quality Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5025277)

2023-04 Security Monthly Quality Rollup for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5025279)

2023-04 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB5025285)

2023-04 Security Only Quality Update for Windows Server 2012 R2 (KB5025288)

2023-04 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5025287)

2023-04 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5025228)

2023-04 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5025229)

2023-04 Cumulative Update for Windows 10 (KB5025234)

Known Issues


Windows 10 versions 21H2 and 22H2

• (Old) Custom installations may not receive the new Microsoft Edge web browser, while the old version may be removed.
  • Workaround described on the support page.

Windows 11 version 21H2

• (Old) Some Windows devices with third-party user interface customizations may not start up after installing this update or future updates.
  • Microsoft recommends uninstalling the third-party UI customization applications before installing this update, or updating them, if updates are available. Check out our support article for additional information on the issue.
• The computer game Red Dead Redemption 2 may not open after installing this update.
  • Updating to the latest version of the game resolves the issue.

Windows 11 version 22H2

• (Old) Some Windows devices with third-party user interface customizations may not start up after installing this update or future updates.
  • Microsoft recommends uninstalling the third-party UI customization applications before installing this update, or updating them, if updates are available. Check out our support article for additional information on the issue.
• (Old) Provisioning packages may not work as expected. Windows may only be configured partially and the " Out Of Box Experience might not finish or might restart unexpectedly".
  • Provisioning the Windows device before upgrading to Windows 11 version 22H2 fixes the issue.
• (Old) Copying large files (multiple gigabytes) may take longer than expected.
  • Use the commands robocopy \\someserver\someshare c:\somefolder somefile.img /J or xcopy \\someserver\someshare c:\somefolder /J until fixed.

Security advisories and updates

• ADV 990001 -- Latest Servicing Stack Updates

Non-security updates


2023-04 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 22H2, Windows 10 Version 21H2, Windows 10 Version 21H1, and Windows 10 Version 20H2 (KB5025188)

2023-04 Update for Windows 10 Version 21H2 (KB5026037)

2023-04 Update for Windows 11 (KB5026038)

2023-04 Update for Windows 11 Version 22H2 (KB5026039)

Microsoft Office Updates

You find Office update information here.

How to download and install the April 2023 security updates




Security updates are installed automatically on most non-managed Windows devices. Windows checks for updates regularly and will download and install these once it detects them.

Some administrators may want to speed up the process; this is done byy running a manual scan for updates, or by downloading updates manually to install them on Windows devices.

Do the following to run a manual check for updates:

1. Select Start, type Windows Update and load the Windows Update item that is displayed.
2. Select check for updates to run a manual check for updates.

Direct update downloads


Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 10 Version 21H2

• KB5025221 -- 2023-04 Cumulative Update for Windows 10 Version 21H2

Windows 10 version 22H2

• KB5025221 -- 2023-04 Cumulative Update for Windows 10 Version 21H2

Windows 11 Release version

• KB5025224 -- 2023-04 Cumulative Update for Windows 11

Windows 11 version 22H2

• KB5025239 -- 2023-04 Cumulative Update for Windows 11 version 22H2

Additional resources

• April 2023 Security Updates release notes
• List of software updates for Microsoft products
• List of the latest Windows Updates and Services Packs
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• How to install optional updates on Windows 10
• Windows 11 Update History
• Windows 10 Update History

Thank you for being a Ghacks reader. The post Microsoft Windows Security Updates April 2023: What you need to know before installation appeared first on gHacks Technology News.

read more...

 

Microsoft April 2023 Security Updates

April 2023 Security Updates
Updates this Month
This release consists of security updates for the following products, features and roles.

.NET Core
Azure Machine Learning
Azure Service Connector
Microsoft Bluetooth Driver
Microsoft Defender for Endpoint
Microsoft Dynamics
Microsoft Dynamics 365 Customer Voice
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Message Queuing
Microsoft Office
Microsoft Office Publisher
Microsoft Office SharePoint
Microsoft Office Word
Microsoft PostScript Printer Driver
Microsoft Printer Drivers
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows DNS
Visual Studio
Visual Studio Code
Windows Active Directory
Windows ALPC
Windows Ancillary Function Driver for WinSock
Windows Boot Manager
Windows Clip Service
Windows CNG Key Isolation Service
Windows Common Log File System Driver
Windows DHCP Server
Windows Enroll Engine
Windows Error Reporting
Windows Group Policy
Windows Internet Key Exchange (IKE) Protocol
Windows Kerberos
Windows Kernel
Windows Layer 2 Tunneling Protocol
Windows Lock Screen
Windows Netlogon
Windows Network Address Translation (NAT)
Windows Network File System
Windows Network Load Balancing
Windows NTLM
Windows PGM
Windows Point-to-Point Protocol over Ethernet (PPPoE)
Windows Point-to-Point Tunneling Protocol
Windows Raw Image Extension
Windows RDP Client
Windows Registry
Windows RPC API
Windows Secure Boot
Windows Secure Channel
Windows Secure Socket Tunneling Protocol (SSTP)
Windows Transport Security Layer (TLS)
Windows Win32K
Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information
The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

CVE-2023-21554
CVE-2023-21727
CVE-2023-21729
CVE-2023-23375
CVE-2023-23384
CVE-2023-24860
CVE-2023-24883
CVE-2023-24884
CVE-2023-24885
CVE-2023-24886
CVE-2023-24887
CVE-2023-24893
CVE-2023-24912
CVE-2023-24914
CVE-2023-24924
CVE-2023-24925
CVE-2023-24926
CVE-2023-24927
CVE-2023-24928
CVE-2023-24929
CVE-2023-24935
CVE-2023-28216
CVE-2023-28218
CVE-2023-28219
CVE-2023-28220
CVE-2023-28221
CVE-2023-28222
CVE-2023-28223
CVE-2023-28224
CVE-2023-28225
CVE-2023-28226
CVE-2023-28227
CVE-2023-28228
CVE-2023-28229
CVE-2023-28231
CVE-2023-28232
CVE-2023-28233
CVE-2023-28234
CVE-2023-28235
CVE-2023-28236
CVE-2023-28237
CVE-2023-28238
CVE-2023-28240
CVE-2023-28243
CVE-2023-28244
CVE-2023-28246
CVE-2023-28247
CVE-2023-28248
CVE-2023-28249
CVE-2023-28250
CVE-2023-28251
CVE-2023-28252
CVE-2023-28253
CVE-2023-28254
CVE-2023-28255
CVE-2023-28256
CVE-2023-28260
CVE-2023-28262
CVE-2023-28263
CVE-2023-28266
CVE-2023-28267
CVE-2023-28268
CVE-2023-28269
CVE-2023-28270
CVE-2023-28271
CVE-2023-28272
CVE-2023-28273
CVE-2023-28274
CVE-2023-28275
CVE-2023-28276
CVE-2023-28277
CVE-2023-28278
CVE-2023-28284
CVE-2023-28285
CVE-2023-28287
CVE-2023-28288
CVE-2023-28291
CVE-2023-28292
CVE-2023-28295
CVE-2023-28296
CVE-2023-28297
CVE-2023-28300
CVE-2023-28301
CVE-2023-28304
CVE-2023-28305
CVE-2023-28306
CVE-2023-28307
CVE-2023-28308
CVE-2023-28309
CVE-2023-28311
CVE-2023-28312
CVE-2023-28313
CVE-2023-28314
Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5002375 SharePoint Server Subscription Edition
5025221 Windows 10, version 20H2, Windows 10, version 21H2, Windows 10, version 22H2
5025224 Windows 11 version 21H2
5025229 Windows 10, Version 1809, Windows Server 2019
5025230 Windows Server 2022
5025239 Windows 11 version 22H2
5025271 Windows Server 2008 (Monthly Rollup)
5025273 Windows Server 2008 (Security-only update)
5025277 Windows Server 2008 R2 (Security-only update)
5025279 Windows Server 2008 R2 (Monthly Rollup)Released: Apr 11, 2023

https://msrc.microsoft.com/update-gu...eNote/2023-Apr

 

Microsoft April 2023 Security Updates

April 2023 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET Core
  
• Azure Machine Learning
  
• Azure Service Connector
  
• Microsoft Bluetooth Driver
  
• Microsoft Defender for Endpoint
  
• Microsoft Dynamics
  
• Microsoft Dynamics 365 Customer Voice
  
• Microsoft Edge (Chromium-based)
  
• Microsoft Graphics Component
  
• Microsoft Message Queuing
  
• Microsoft Office
  
• Microsoft Office Publisher
  
• Microsoft Office SharePoint
  
• Microsoft Office Word
  
• Microsoft PostScript Printer Driver
  
• Microsoft Printer Drivers
  
• Microsoft WDAC OLE DB provider for SQL
  
• Microsoft Windows DNS
  
• Visual Studio
  
• Visual Studio Code
  
• Windows Active Directory
  
• Windows ALPC
  
• Windows Ancillary Function Driver for WinSock
  
• Windows Boot Manager
  
• Windows Clip Service
  
• Windows CNG Key Isolation Service
  
• Windows Common Log File System Driver
  
• Windows DHCP Server
  
• Windows Enroll Engine
  
• Windows Error Reporting
  
• Windows Group Policy
  
• Windows Internet Key Exchange (IKE) Protocol
  
• Windows Kerberos
  
• Windows Kernel
  
• Windows Layer 2 Tunneling Protocol
  
• Windows Lock Screen
  
• Windows Netlogon
  
• Windows Network Address Translation (NAT)
  
• Windows Network File System
  
• Windows Network Load Balancing
  
• Windows NTLM
  
• Windows PGM
  
• Windows Point-to-Point Protocol over Ethernet (PPPoE)
  
• Windows Point-to-Point Tunneling Protocol
  
• Windows Raw Image Extension
  
• Windows RDP Client
  
• Windows Registry
  
• Windows RPC API
  
• Windows Secure Boot
  
• Windows Secure Channel
  
• Windows Secure Socket Tunneling Protocol (SSTP)
  
• Windows Transport Security Layer (TLS)
  
• Windows Win32K
  

Please note the following information regarding the security updates:

Security Update Guide Blog Posts

Date Blog Post

January 11, 2022 Coming Soon: New Security Update Guide Notification System

February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020 Security Update Guide: Let’s keep the conversation going

November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
  

FAQs, Mitigations, and Workarounds

The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2023-21554
  
• CVE-2023-21727
  
• CVE-2023-21729
  
• CVE-2023-23375
  
• CVE-2023-23384
  
• CVE-2023-24860
  
• CVE-2023-24883
  
• CVE-2023-24884
  
• CVE-2023-24885
  
• CVE-2023-24886
  
• CVE-2023-24887
  
• CVE-2023-24893
  
• CVE-2023-24912
  
• CVE-2023-24914
  
• CVE-2023-24924
  
• CVE-2023-24925
  
• CVE-2023-24926
  
• CVE-2023-24927
  
• CVE-2023-24928
  
• CVE-2023-24929
  
• CVE-2023-24935
  
• CVE-2023-28216
  
• CVE-2023-28218
  
• CVE-2023-28219
  
• CVE-2023-28220
  
• CVE-2023-28221
  
• CVE-2023-28222
  
• CVE-2023-28223
  
• CVE-2023-28224
  
• CVE-2023-28225
  
• CVE-2023-28226
  
• CVE-2023-28227
  
• CVE-2023-28228
  
• CVE-2023-28229
  
• CVE-2023-28231
  
• CVE-2023-28232
  
• CVE-2023-28233
  
• CVE-2023-28234
  
• CVE-2023-28235
  
• CVE-2023-28236
  
• CVE-2023-28237
  
• CVE-2023-28238
  
• CVE-2023-28240
  
• CVE-2023-28243
  
• CVE-2023-28244
  
• CVE-2023-28246
  
• CVE-2023-28247
  
• CVE-2023-28248
  
• CVE-2023-28249
  
• CVE-2023-28250
  
• CVE-2023-28251
  
• CVE-2023-28252
  
• CVE-2023-28253
  
• CVE-2023-28254
  
• CVE-2023-28255
  
• CVE-2023-28256
  
• CVE-2023-28260
  
• CVE-2023-28262
  
• CVE-2023-28263
  
• CVE-2023-28266
  
• CVE-2023-28267
  
• CVE-2023-28268
  
• CVE-2023-28269
  
• CVE-2023-28270
  
• CVE-2023-28271
  
• CVE-2023-28272
  
• CVE-2023-28273
  
• CVE-2023-28274
  
• CVE-2023-28275
  
• CVE-2023-28276
  
• CVE-2023-28277
  
• CVE-2023-28278
  
• CVE-2023-28284
  
• CVE-2023-28285
  
• CVE-2023-28287
  
• CVE-2023-28288
  
• CVE-2023-28291
  
• CVE-2023-28292
  
• CVE-2023-28295
  
• CVE-2023-28296
  
• CVE-2023-28297
  
• CVE-2023-28300
  
• CVE-2023-28301
  
• CVE-2023-28304
  
• CVE-2023-28305
  
• CVE-2023-28306
  
• CVE-2023-28307
  
• CVE-2023-28308
  
• CVE-2023-28309
  
• CVE-2023-28311
  
• CVE-2023-28312
  
• CVE-2023-28313
  
• CVE-2023-28314
  

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To

5002375 SharePoint Server Subscription Edition

5025221 Windows 10, version 20H2, Windows 10, version 21H2, Windows 10, version 22H2

5025224 Windows 11 version 21H2

5025229 Windows 10, Version 1809, Windows Server 2019

5025230 Windows Server 2022

5025239 Windows 11 version 22H2

5025271 Windows Server 2008 (Monthly Rollup)

5025273 Windows Server 2008 (Security-only update)

5025277 Windows Server 2008 R2 (Security-only update)

5025279 Windows Server 2008 R2 (Monthly Rollup)

Released: Apr 11, 2023

April 2023 Security Updates - Release Notes - Security Update Guide - Microsoft

 

What is New in Microsoft Teams for April 2023

Read more:

• https://techcommunity.microsoft.com/...3/ba-p/3809297
• https://techcommunity.microsoft.com/...3/ba-p/3809694