Once a month, in the middle of the Patch Tuesday release cycle, the Readiness team publishes an update on Microsoft-related patches, out-of-band (OOB) releases and republished CVE vulnerability documentation. This note is intended as an informal brief on recent changes and may reflect a dynamic or rapidly changing situation.
For the month of April 2023, this posting will include the following areas:
- Resolved issues
- Reported issues
- Updated CVE entries
- Scheduled Out-of-band (OOB) releases
To find out more about these and other related Windows Health issues, you can find a handy reference on the Windows Health dashboard. Here is a brief list of resolved issues covering Windows 10/11 for the past month.
- Third-party UI customization apps might cause Windows to not start up: Apps that change behaviours or the UI in Windows 11 might cause issues with updates released February 28, 2023 or later. This issue has been reported as resolved by Microsoft.
- KB5023697: There have been reports of Server 2016 “stuck” in hung states after installing this update. This issue has been resolved by Microsoft.
In addition to the Microsoft dashboard, Microsoft has also published their revised Office 365 roadmap, which details the latest changes to the Microsoft Office platform. Other than the existing XLL internet block, there are no other reported issues for Microsoft Office this month.
This section deals with reported issues from Microsoft sources only. There may be plenty of problems reported in the media, which the Readiness team will investigate but may not include in this brief:
- Microsoft Exchange Server (2016/19). Both KB5022143 and KB5022193 cause an issue with Outlook on the Web (OWA) in which some web-based views are not displayed correctly. This issue is still outstanding and is with Microsoft. No release dates or planned updates are available at this time.
Updated Microsoft CVE Entries
In the weeks since the last Patch Tuesday cycle, Microsoft has periodically updated its release documentation, published as CVE entries. Here is a Windows-focussed list of updates and revisions from the previous update cycle:
- CVE-2023-21722 .NET Framework Denial of Service Vulnerability. This is an informational change only.
- CVE-2023-21722, CVE-2023-21808 .NET Framework Denial of Service Vulnerability. Microsoft has rereleased KB5022498 to address a known issue where customers who installed the .NET Framework 4.8 February cumulative update (KB5022502), then upgraded to .NET Framework 4.8.1 and subsequently scanned for updates were unable to install KB5022498. Customers who were unable to install KB5022498 should rescan for updates and install the update. Customers who have already successfully installed KB5022498 do not need to take any further action.
- CVE-2023-23413, CVE-2023-24867, CVE-2023-24907, CVE-2023-24909 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. The following changes were made to this CVE report’s description: 1) Added FAQ to explain how an attacker could exploit this Remote Code Execution vulnerability. 2) Removed incorrect CVSS metric FAQs. These are informational changes only.
- CVE-2023-28303 Windows Snipping Tool Information Disclosure Vulnerability. Added an FAQ to explain how to get the update from the Microsoft Store if automatic updates for the store are disabled. This is an informational change only.
Scheduled Out-of-band (OOB) releases
At the time of writing, there are no planned or documented out-of-band releases scheduled for April from Microsoft.