Rackspace Technology is aware that Microsoft recently published security vulnerabilities impacting Windows Operating Systems and other products. Microsoft issued patches for one actively exploited zero-day vulnerability (CVE-2023-28252) and 97 flaws, of which 7 are classified as critical. A full list of April 2023 Microsoft Patch Tuesday Security Advisories is available here: https://msrc.microsoft.com/update-guide/releaseNote/2023-Apr)
Rackspace engineers have performed an initial assessment and strongly recommend that customers review the advisories and ensure appropriate patches are installed. Rackspace customers using our Managed Patching Service will be patched during normal patching cycles.
For those customers not using Rackspace Managed Patching, we recommend patching devices as soon as possible to mitigate these vulnerabilities. Customers not using our Managed Patching Service can install the latest Windows Updates themselves or can request that Rackspace perform patching by contacting Rackspace Support.
Additionally, on 11 April 2023, SAP Security Patch Day saw the release of 19 new Security Notes. Further, there were 5 updates to previously released Security Notes. SAP has published a list of SAP Security Patch Day – April 2023 vulnerabilities, located at https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html. SAP and Rackspace strongly recommend that customers who utilize SAP visit the Support Portal at SAP Security Notes & News and apply patches to protect their SAP environment.
Our security teams are actively monitoring the situation and will provide any associated updates via this blog.
Should you have any questions or require assistance in responding to these vulnerabilities, please contact a support Racker via https://www.rackspace.com/login.