CVE-2023-28220 — Vulnetix

CVE-2023-28220 PUBLISHED

In verschiedenen Versionen von Microsoft Windows und Microsoft Windows Server existieren mehrere nicht näher beschriebene Schwachstellen. Ein Angreifer kann dies ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, Sicherheitsmechanismen zu umgehen, seine Privilegien zu erweitern und um beliebigen Code auszuführen.

EPSS 6.73% · 91.4th percentile

Risk Scores

EPSS Score

6.73%

91.4th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft Windows 10 Version 1809
Microsoft	Microsoft Windows Server 2016
Microsoft	Microsoft Windows Server 2008 SP2
Microsoft	Microsoft Windows 10 Version 1607
Microsoft	Microsoft Windows 10 Version 20H2
Microsoft	Microsoft Windows 11 Version 22H2
Microsoft	Microsoft Windows Server 2012
Microsoft	Microsoft Windows 11 version 21H2
Microsoft	Microsoft Windows Remote Desktop client for Desktop
Microsoft	Microsoft Windows 10 Version 22H2
Microsoft	Microsoft Windows Server 2008 R2 SP1
Microsoft	Microsoft Windows Server 2019
Hitachi	Hitachi Storage Virtual Storage Platform
Microsoft	Microsoft Windows 10
Microsoft	Microsoft Windows Server 2012 R2
Microsoft	Microsoft Windows Server 2022
Microsoft	Microsoft Windows 10 Version 21H2

Exploit Intelligence

https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog (certbund)
POC.yara (github-yara)
POC.yara (github-yara)
POC.yara (github-yara)
POC.yara (github-yara)
POC.yara (github-yara)
POC.yara (github-yara)

Timeline

Apr 11, 2023 CVE Published
Apr 12, 2023 EPSS Score
Jun 26, 2023 EPSS Score
Jul 15, 2023 EPSS Score
Aug 14, 2023 EPSS Score
Aug 21, 2023 EPSS Score
Sep 14, 2023 EPSS Score
Oct 17, 2023 EPSS Score
Oct 18, 2023 EPSS Score
Nov 24, 2023 EPSS Score
Dec 31, 2023 EPSS Score
Jan 1, 2024 EPSS Score

References

Open in Interactive Console →