/

CVE-2023-35628 Report - Details, Severity, & Advisorie...

CVE-2023-35628 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2023-35628?

CVE-2023-35628 is a high-severity vulnerability in the Windows MSHTML platform, which allows remote code execution by an attacker. It affects various Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server versions. Both desktop and server systems, such as x64-based, ARM64-based, and 32-bit systems, are susceptible, making it essential to apply security updates.

Who is impacted by this?

This vulnerability affects users of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server. Versions impacted include Windows 10 1507 up to 10.0.10240.20345, Windows 11 21H2 up to 10.0.22000.2652, and Windows Server 2019. Both x64-based, ARM64-based, and 32-bit systems are vulnerable.

What should I do if I’m affected?

If you're affected by the CVE-2023-35628 vulnerability, it's crucial to take action to protect your system. Follow these simple steps:

  1. Be cautious when clicking on links in emails or instant messages, especially from unknown sources.

  2. Apply the security updates provided by Microsoft to fix the vulnerability. Visit the Microsoft Security Update Guide for more information on the appropriate update for your system.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-35628, also known as the Windows MSHTML Platform Remote Code Execution Vulnerability, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue was added on December 12, 2023, and requires a security patch from Microsoft to prevent potential remote code execution.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-416, which is a Use After Free issue in the Windows MSHTML Platform, potentially leading to remote code execution.

Learn More

For comprehensive information on this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2023-35628 Report - Details, Severity, & Advisorie...

CVE-2023-35628 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2023-35628?

CVE-2023-35628 is a high-severity vulnerability in the Windows MSHTML platform, which allows remote code execution by an attacker. It affects various Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server versions. Both desktop and server systems, such as x64-based, ARM64-based, and 32-bit systems, are susceptible, making it essential to apply security updates.

Who is impacted by this?

This vulnerability affects users of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server. Versions impacted include Windows 10 1507 up to 10.0.10240.20345, Windows 11 21H2 up to 10.0.22000.2652, and Windows Server 2019. Both x64-based, ARM64-based, and 32-bit systems are vulnerable.

What should I do if I’m affected?

If you're affected by the CVE-2023-35628 vulnerability, it's crucial to take action to protect your system. Follow these simple steps:

  1. Be cautious when clicking on links in emails or instant messages, especially from unknown sources.

  2. Apply the security updates provided by Microsoft to fix the vulnerability. Visit the Microsoft Security Update Guide for more information on the appropriate update for your system.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-35628, also known as the Windows MSHTML Platform Remote Code Execution Vulnerability, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue was added on December 12, 2023, and requires a security patch from Microsoft to prevent potential remote code execution.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-416, which is a Use After Free issue in the Windows MSHTML Platform, potentially leading to remote code execution.

Learn More

For comprehensive information on this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2023-35628 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is CVE-2023-35628?

CVE-2023-35628 is a high-severity vulnerability in the Windows MSHTML platform, which allows remote code execution by an attacker. It affects various Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server versions. Both desktop and server systems, such as x64-based, ARM64-based, and 32-bit systems, are susceptible, making it essential to apply security updates.

Who is impacted by this?

This vulnerability affects users of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server. Versions impacted include Windows 10 1507 up to 10.0.10240.20345, Windows 11 21H2 up to 10.0.22000.2652, and Windows Server 2019. Both x64-based, ARM64-based, and 32-bit systems are vulnerable.

What should I do if I’m affected?

If you're affected by the CVE-2023-35628 vulnerability, it's crucial to take action to protect your system. Follow these simple steps:

  1. Be cautious when clicking on links in emails or instant messages, especially from unknown sources.

  2. Apply the security updates provided by Microsoft to fix the vulnerability. Visit the Microsoft Security Update Guide for more information on the appropriate update for your system.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

CVE-2023-35628, also known as the Windows MSHTML Platform Remote Code Execution Vulnerability, is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue was added on December 12, 2023, and requires a security patch from Microsoft to prevent potential remote code execution.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-416, which is a Use After Free issue in the Windows MSHTML Platform, potentially leading to remote code execution.

Learn More

For comprehensive information on this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.