Summaryinfo

A vulnerability was found in Microsoft Windows. It has been declared as critical. This issue affects some unknown processing of the component Remote Procedure Call Runtime. Such manipulation leads to an unknown weakness. This vulnerability is referenced as CVE-2023-23405. It is possible to launch the attack remotely. No exploit is available. Applying a patch is advised to resolve this issue.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Microsoft Windows (Operating System). Affected by this issue is some unknown processing of the component Remote Procedure Call Runtime. Impacted is confidentiality, integrity, and availability.

The weakness was published 03/14/2023 as confirmed security guidance (Website). The advisory is shared for download at portal.msrc.microsoft.com. This vulnerability is handled as CVE-2023-23405. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 04/07/2023).

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Operating System

Vendor

• Microsoft

Name

• Windows

Version

• 10
• 10 20H2
• 10 21H2
• 10 22H2
• 10 1607
• 10 1809
• 11 21H2
• 11 22H2
• Server 2008 R2 SP1
• Server 2008 SP2
• Server 2012
• Server 2012 R2
• Server 2016
• Server 2019
• Server 2022

License

• commercial

Website

• Vendor: https://www.microsoft.com/
• Product: https://www.microsoft.com/en-us/windows

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion