Выпустил блогопост и видяшку по апрельскому Micorosoft Patch Tues­day Vul­ris­tics для англоязычного канала и блога. По сравнению с первыми впечатлениями добавились Microsoft Word RCE (CVE-2023–28311) с эксплоитом и Win­dows Prag­mat­ic Gen­er­al Mul­ti­cast (PGM) RCE (CVE-2023–28250) похожая на Queue­Jumper RCE в MSMQ. Также добавил много RCE в Win­dows DNS Serv­er, но что-то определенное по ним сказать сложно.

Crit­i­cal
00:50 Ele­va­tion of Priv­i­lege — Win­dows Com­mon Log File Sys­tem Dri­ver (CVE-2023–28252)
01:44 Remote Code Exe­cu­tion — Microsoft Word (CVE-2023–28311)

Oth­er
02:18 Remote Code Exe­cu­tion — Microsoft Mes­sage Queu­ing (CVE-2023–21554) (Queue­Jumper)
03:17 Remote Code Exe­cu­tion — Win­dows Prag­mat­ic Gen­er­al Mul­ti­cast (PGM) (CVE-2023–28250)
04:05 Lots of CVEs Remote Code Exe­cu­tion – Microsoft Post­Script and PCL6 Class Print­er Dri­ver (CVE-2023–24884, CVE-2023–24885, CVE-2023–24886, CVE-2023–24887, CVE-2023–24924, CVE-2023–24925, CVE-2023–24926, CVE-2023–24927, CVE-2023–24928, CVE-2023–24929, CVE-2023–28243)
04:24 Lots of CVEs Remote Code Exe­cu­tion – Win­dows DNS Serv­er (CVE-2023–28254, CVE-2023–28255, CVE-2023–28256, CVE-2023–28278, CVE-2023–28305, CVE-2023–28306, CVE-2023–28307, CVE-2023–28308)
04:32 Remote Code Exe­cu­tion — DHCP Serv­er Ser­vice (CVE-2023–28231)

Video: https://youtu.be/aLt5k18jOwY
Video2 (for Rus­sia): https://vk.com/video-149273431_456239123
Blog­post: https://avleonov.com/2023/04/28/microsoft-patch-tuesday-april-2023-clfs-eop-word-rce-msmq-queuejumper-rce-pcl6-dns-dhcp/
Vul­ris­tics report: https://avleonov.com/vulristics_reports/ms_patch_tuesday_april2023_report_with_comments_ext_img.html