CVE-2023-23392 — Use After Free in Microsoft Windows 11 Version 21h2

CWE-416 — Use After Free10 documents8 sources

Severity

9.8CRITICALNVD

EPSS

11.7%

top 6.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 11 Version 21h2 Microsoft Windows 11 Version 22h2 Microsoft Windows Server 2022 +7 more

Timeline

PublishedMar 14

Latest updateApr 21

Description

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages10 packages

▶NVDmicrosoft/windows_11_21h2< 10.0.22000.1696

▶NVDmicrosoft/windows_11_22h2< 10.0.22000.1413

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.1607

▶CVEListV5microsoft/windows_11_version_21h210.0.0 — 10.0.22000.1696

▶CVEListV5microsoft/windows_11_version_22h210.0.22621.0 — 10.0.22621.1413

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-w2mc-hp99-v44h: HTTP Protocol Stack Remote Code Execution Vulnerability↗2023-03-14

▶

📋Vendor Advisories

Microsoft

HTTP Protocol Stack Remote Code Execution Vulnerability↗2023-03-14

▶

🕵️Threat Intelligence

Qualys

The March 2023 Patch Tuesday Security Update Review | Qualys↗2023-03-15

▶

Qualys

The March 2023 Patch Tuesday Security Update Review↗2023-03-15

▶

Talos

Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities↗2023-03-14

▶

Talos

Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities↗2023-03-14

▶

Tenable

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)↗2023-03-14

▶

📄Research Papers

arXiv

CTINexus: Automatic Cyber Threat Intelligence Knowledge Graph Construction Using Large Language Models↗2025-04-21

▶