Don’t miss our April 2023 Patch Tuesday webcast for all the details on the most important vulnerabilities of the month.
Microsoft releases 98 fixes this month including 8 Critical and 1 Weaponised Threats
There are 8 Critical and 90 Important fixes for Patch Tuesday, April 2023. Microsoft Windows, Windows Components, Office and Office Components, Windows Defender, SharePoint Server, Windows Hyper-V, PostScript Printer and Microsoft Dynamics have all received fixes this month.
Robert Brown, Head of Customer Success for Syxsense said, “We have a Weaponised vulnerability to fix this month and we also have a second month with a very large number of fixes impacting PostScript and PCL6 Class Printer Drivers. Careful testing must be done to ensure no printing issues are experienced following patching. We also have 2 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical) and if you count all the individual CVSS scores together, April has a combined CVSS score of 722.4 up from 529.6 last month.”
Top April 2023 Patches and Vulnerabilities
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend entering the CVE numbers below into your patch management solution and deploying as soon as possible.
1. CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
This vulnerability has been fixed several times this month, and has been Exploited at least twice before, which indicates to us that they have not fixed the issue yet. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Note: The vulnerability is being actively exploited.
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponised: Yes
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Unchanged / No
2. CVE-2023-21554 Microsoft Message Queuing Remote Code Execution Vulnerability
According to Microsoft, this vulnerability is More Likely to be Exploited. The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponised: No
- Public Aware: No
- Countermeasure: Yes
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): Unchanged / No
3. CVE-2023-28250 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
According to Microsoft, this vulnerability is More Likely to be Exploited. The vulnerability exists due to insufficient validation of user-supplied input in the Windows Pragmatic General Multicast (PGM). A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): Unchanged / No
April 2023 CVE Overview
Additional newly identified CVEs and corresponding information can be found below.
| Reference | Description | Vulnerability Impact | Vendor Severity | CVSS Score | Weaponized | Publicly Aware | Exploitability Assessment | Additional Details |
| CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | Yes | No | Exploitation Detected | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability | Remote Code Execution | Critical | 9.8 | No | No | Exploitation More Likely | |
| CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Remote Code Execution | Critical | 9.8 | No | No | Exploitation Less Likely | Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:
The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. |
| CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.8 | No | No | Exploitation More Likely | |
| CVE-2023-28240 | Windows Network Load Balancing Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.8 | No | No | Exploitation Less Likely | A workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. The following workaround might be helpful in your situation:
Migrate from Network Load Balancing to Software Load Balancing. |
| CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.4 | No | No | Exploitation Less Likely | |
| CVE-2023-28219 | Layer 2 Tunnelling Protocol Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.1 | No | No | Exploitation More Likely | |
| CVE-2023-28220 | Layer 2 Tunnelling Protocol Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.1 | No | No | Exploitation More Likely | |
| CVE-2023-28232 | Windows Point-to-Point Tunnelling Protocol Remote Code Execution Vulnerability | Remote Code Execution | Critical | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-21727 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. |
| CVE-2023-24884 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24885 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24886 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24887 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24925 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24926 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24927 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24928 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-24929 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-28243 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-28275 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28297 | Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28296 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important | 8.4 | No | No | Exploitation Less Likely | |
| CVE-2023-28221 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.1 | No | No | Exploitation Less Likely | |
| CVE-2023-28244 | Windows Kerberos Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.1 | No | No | Exploitation Less Likely | |
| CVE-2023-28268 | Netlogon RPC Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 8.1 | No | No | Exploitation Less Likely | |
| CVE-2023-23375 | Microsoft SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24893 | Visual Studio Code Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-24912 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-24924 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution. |
| CVE-2023-28225 | Windows NTLM Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. |
| CVE-2023-28236 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28237 | Windows Kernel Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28246 | Windows Registry Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-28248 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. |
| CVE-2023-28260 | .NET DLL Hijacking Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28262 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain administrator privileges. |
| CVE-2023-28272 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28274 | Windows Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28285 | Microsoft Office Graphics Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28287 | Microsoft Publisher Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28292 | Raw Image Extension Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28293 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28295 | Microsoft Publisher Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28304 | Microsoft SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28311 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28309 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Spoofing | Important | 7.6 | No | No | Exploitation Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-21769 | Microsoft Message Queuing Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-24860 | Microsoft Defender Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-24931 | Windows Secure Channel Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28217 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | Mitigation Available: This vulnerability is limited to attacker traffic inside the NAT firewall. An enterprise perimeter firewall can be used to mitigate this attack. A NAT firewall works by only allowing requested internet traffic to pass through the gateway. Internet routed network traffic cannot attack the Windows Network Address Translation Service for this vulnerability. |
| CVE-2023-28227 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.5 | No | No | Exploitation More Likely | |
| CVE-2023-28233 | Windows Secure Channel Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28234 | Windows Secure Channel Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28238 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28241 | Windows Secure Socket Tunnelling Protocol (SSTP) Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28247 | Windows Network File System Information Disclosure Vulnerability | Information Disclosure | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28300 | Azure Service Connector Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28302 | Microsoft Message Queuing Denial of Service Vulnerability | Denial of Service | Important | 7.5 | No | No | Exploitation Less Likely | |
| CVE-2023-23384 | Microsoft SQL Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.3 | No | No | Exploitation Less Likely | |
| CVE-2023-28254 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.2 | No | No | Exploitation Less Likely | |
| CVE-2023-28222 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.1 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28224 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Remote Code Execution | Important | 7.1 | No | No | Exploitation Less Likely | |
| CVE-2023-24914 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28216 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28218 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | No | No | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28229 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-28273 | Windows Clip Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-28235 | Windows Lock Screen Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 6.8 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could bypass the Windows Lock Screen security feature. |
| CVE-2023-28269 | Windows Boot Manager Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 6.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28270 | Windows Lock Screen Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 6.8 | No | No | Exploitation Less Likely | |
| CVE-2023-28223 | Windows Domain Name Service Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28249 | Windows Boot Manager Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28255 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28256 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28278 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28305 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28306 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28307 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-28308 | Windows DNS Server Remote Code Execution Vulnerability | Remote Code Execution | Important | 6.6 | No | No | Exploitation Less Likely | |
| CVE-2023-24883 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Information Disclosure | Important | 6.5 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-28267 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Information Disclosure | Important | 6.5 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-28288 | Microsoft SharePoint Server Spoofing Vulnerability | Spoofing | Important | 6.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28312 | Azure Machine Learning Information Disclosure Vulnerability | Information Disclosure | Important | 6.5 | No | No | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could access the system logs. |
| CVE-2023-28313 | Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability | Spoofing | Important | 6.1 | No | No | Exploitation Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-28314 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Spoofing | Important | 6.1 | No | No | Exploitation Less Likely | Scope = Changed, Jump Point = True |
| CVE-2023-28228 | Windows Spoofing Vulnerability | Spoofing | Important | 5.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28251 | Windows Driver Revocation List Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 5.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28253 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure | Important | 5.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28263 | Visual Studio Information Disclosure Vulnerability | Information Disclosure | Important | 5.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28266 | Windows Common Log File System Driver Information Disclosure Vulnerability | Information Disclosure | Important | 5.5 | No | No | Exploitation More Likely | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
| CVE-2023-28271 | Windows Kernel Memory Information Disclosure Vulnerability | Information Disclosure | Important | 5.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28298 | Windows Kernel Denial of Service Vulnerability | Denial of Service | Important | 5.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28299 | Visual Studio Spoofing Vulnerability | Spoofing | Important | 5.5 | No | No | Exploitation Less Likely | |
| CVE-2023-28226 | Windows Enrol Engine Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 5.3 | No | No | Exploitation Less Likely | |
| CVE-2023-28277 | Windows DNS Server Information Disclosure Vulnerability | Information Disclosure | Important | 4.9 | No | No | Exploitation Less Likely | |
| CVE-2023-28276 | Windows Group Policy Security Feature Bypass Vulnerability | Security Feature Bypass | Important | 4.4 | No | No | Exploitation Less Likely | |
| CVE-2023-21729 | Remote Procedure Call Runtime Information Disclosure Vulnerability | Information Disclosure | Important | 4.3 | No | No | Exploitation Less Likely | Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. |
