Windows MSHTML Platform Remote Code Execution Vulnerability - 20231218001
Overview
Microsoft has released a security advisory for a Windows MSHTML Platform vulnerability. Exploitation of this vulnerability could lead to remote code execution on Microsoft Windows platforms.
What is the vulnerability?
CVE-2023-35628 - CVSS v3.1 Base Score: 8.1
Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).
What is vulnerable?
A list of vulnerable products and recommendations can be found under Recommendations.
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendations
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer to Patch Management):
Product | Impact | Max Severity | Article | Download | Build Number |
---|---|---|---|---|---|
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Critical | 5033433 | Monthly Rollup | 6.1.7601.26864 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Critical | 5033424 | Security Only | 6.1.7601.26864 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Remote Code Execution | Critical | 5033376 | IE Cumulative | 1.001 |
Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5033420 | Monthly Rollup | 6.3.9600.21715 |
Windows Server 2012 R2 (Server Core installation) | Remote Code Execution | Critical | 5033376 | IE Cumulative | 1.001 |
Windows Server 2012 R2 | Remote Code Execution | Critical | 5033420 | Monthly Rollup | 6.3.9600.21715 |
Windows Server 2012 R2 | Remote Code Execution | Critical | 5033376 | IE Cumulative | 1.002 |
Windows Server 2012 (Server Core installation) | Remote Code Execution | Critical | 5033429 | Monthly Rollup | 6.2.9200.24614 |
Windows Server 2012 (Server Core installation) | Remote Code Execution | Critical | 5033376 | IE Cumulative | 1.001 |
Windows Server 2012 | Remote Code Execution | Critical | 5033429 | Monthly Rollup | 6.2.9200.24614 |
Windows Server 2012 | Remote Code Execution | Critical | 5033376 | IE Cumulative | 1.001 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Critical | 5033433 | Monthly Rollup | 6.1.7601.26864 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Critical | 5033424 | Security Only | 6.1.7601.26864 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Remote Code Execution | Critical | 5033376 | IE Cumulative | 1.001 |
Windows Server 2016 (Server Core installation) | Remote Code Execution | Critical | 5033373 | Security Update | 10.0.14393.6529 |
Windows Server 2016 | Remote Code Execution | Critical | 5033373 | Security Update | 10.0.14393.6529 |
Windows 10 Version 1607 for x64-based Systems | Remote Code Execution | Critical | 5033373 | Security Update | 10.0.14393.6529 |
Windows 10 Version 1607 for 32-bit Systems | Remote Code Execution | Critical | 5033373 | Security Update | 10.0.14393.6529 |
Windows 10 for x64-based Systems | Remote Code Execution | Critical | 5033379 | Security Update | 10.0.10240.20345 |
Windows 10 for 32-bit Systems | Remote Code Execution | Critical | 5033379 | Security Update | 10.0.10240.20345 |
Windows 10 Version 22H2 for 32-bit Systems | Remote Code Execution | Critical | 5033372 | Security Update | 10.0.19045.3803 |
Windows 10 Version 22H2 for ARM64-based Systems | Remote Code Execution | Critical | 5033372 | Security Update | 10.0.19045.3803 |
Windows 10 Version 22H2 for x64-based Systems | Remote Code Execution | Critical | 5033372 | Security Update | 10.0.19045.3803 |
Windows 11 Version 22H2 for x64-based Systems | Remote Code Execution | Critical | 5033375 | Security Update | 10.0.22621.2861 |
Windows 11 Version 22H2 for ARM64-based Systems | Remote Code Execution | Critical | 5033375 | Security Update | 10.0.22621.2861 |
Windows 10 Version 21H2 for x64-based Systems | Remote Code Execution | Critical | 5033372 | Security Update | 10.0.19041.3803 |
Windows 10 Version 21H2 for ARM64-based Systems | Remote Code Execution | Critical | 5033372 | Security Update | 10.0.19041.3803 |
Windows 10 Version 21H2 for 32-bit Systems | Remote Code Execution | Critical | 5033372 | Security Update | 10.0.19041.3803 |
Windows 11 version 21H2 for ARM64-based Systems | Remote Code Execution | Critical | 5033369 | Security Update | 10.0.22000.2652 |
Windows 11 version 21H2 for x64-based Systems | Remote Code Execution | Critical | 5033369 | Security Update | 10.0.22000.2652 |
Windows Server 2022 (Server Core installation) | Remote Code Execution | Critical | 5033118 | Security Update | 10.0.20348.2159 |
Windows Server 2022 (Server Core installation) | Remote Code Execution | Critical | 5033464 | Security Hotpatch Update | 10.0.20348.2144 |
Windows Server 2022 | Remote Code Execution | Critical | 5033118 | Security Update | 10.0.20348.2159 |
Windows Server 2022 | Remote Code Execution | Critical | 5033464 | Security Hotpatch Update | 10.0.20348.2144 |
Windows Server 2019 (Server Core installation) | Remote Code Execution | Critical | 5033371 | Security Update | 10.0.17763.5206 |
Windows Server 2019 | Remote Code Execution | Critical | 5033371 | Security Update | 10.0.17763.5206 |
Windows 10 Version 1809 for ARM64-based Systems | Remote Code Execution | Critical | 5033371 | Security Update | 10.0.17763.5206 |
Windows 10 Version 1809 for x64-based Systems | Remote Code Execution | Critical | 5033371 | Security Update | 10.0.17763.5206 |
Windows 10 Version 1809 for 32-bit Systems | Remote Code Execution | Critical | 5033371 | Security Update | 10.0.17763.5206 |
Windows Server 2022, 23H2 Edition (Server Core installation) | Remote Code Execution | Critical | 5033383 | Security Update | 10.0.25398.584 |
Windows 11 Version 23H2 for ARM64-based Systems | Remote Code Execution | Critical | 5033375 | Security Update | 10.0.22631.2861 |
Windows 11 Version 23H2 for x64-based Systems | Remote Code Execution | Critical | 5033375 | Security Update | 10.0.22631.2861 |
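
One way to use the build numbers in the table for fleet triage, as an added example that is not part of the advisory or vendor guidance: the script below classifies `hostname,version` lines from an exported inventory against the fixed `10.0.x` builds listed above. The inventory format, hostnames and sample builds are constructed, the 19044 entry is an addition labelled in the code, and hosts on the 6.x rows are reported as `unknown` for manual review.

```python
"""Triage an exported build inventory against the advisory's fixed builds."""

# Minimum fixed revision per 10.0.<build> family, copied from the table above.
FIXED_REVISION = {
    10240: 20345,  # Windows 10 (original release)
    14393: 6529,   # Windows 10 1607 / Server 2016
    17763: 5206,   # Windows 10 1809 / Server 2019
    19041: 3803,   # Windows 10 21H2 as listed in the table
    19044: 3803,   # added here: 21H2 hosts report 19044, same servicing branch
    19045: 3803,   # Windows 10 22H2
    20348: 2144,   # Server 2022: hotpatch build 2144, regular update 2159
    22000: 2652,   # Windows 11 21H2
    22621: 2861,   # Windows 11 22H2
    22631: 2861,   # Windows 11 23H2
    25398: 584,    # Server 2022, 23H2 Edition
}


def classify(version):
    """Return 'patched', 'vulnerable' or 'unknown' for 'major.minor.build.rev'."""
    try:
        major, minor, build, rev = (int(p) for p in version.strip().split("."))
    except ValueError:
        return "unknown"  # malformed or truncated version string
    if (major, minor) != (10, 0) or build not in FIXED_REVISION:
        return "unknown"  # 6.x rows and unlisted builds need manual review
    # Compare as integers: as strings, "584" would sort above "2861".
    return "patched" if rev >= FIXED_REVISION[build] else "vulnerable"


def triage(lines):
    """Map 'hostname,version' lines to {hostname: status}."""
    result = {}
    for line in lines:
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        result[host.strip()] = classify(version)
    return result


# Constructed sample inventory (hostnames and builds are illustrative).
SAMPLE = [
    "ws-001,10.0.19045.3803",
    "ws-002,10.0.19045.3693",
    "srv-hp,10.0.20348.2144",
    "srv-old,6.3.9600.21620",
    "ws-003,10.0.22631.",
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A Server 2022 host at revision 2144 is counted as patched because the table lists that build for the Security Hotpatch Update; hosts not enrolled in hotpatching should be at 2159 or later.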