CVE-2023-23392: HTTP Protocol Stack Remote Code Execution Vulnerability
Published: 2023-03-14
Priority: P261 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.67% (73.9th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_21h2 | < 10.0.22000.1696 | 10.0.22000.1696 |
| microsoft | windows_11_22h2 | < 10.0.22000.1413 | 10.0.22000.1413 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.1696 | 10.0.22000.1696 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.1413 | 10.0.22621.1413 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.1607 | 10.0.20348.1607 |
| msrc | windows_11_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022 | — | — |
Detection & IOCs (extracted from sources)
- Target attack vector: an unauthenticated attacker sends a specially crafted packet to a server using the HTTP Protocol Stack (http.sys).
- The vulnerability is only exploitable when HTTP/3 is enabled on the binding AND the server uses buffered I/O; focus detection on servers with this configuration.
- HTTP/3 support is enabled via a registry key on Windows Server 2022; servers without this registry key enabled are NOT vulnerable, so scope detection accordingly.
- Exploitation is assessed as 'More Likely' for the latest software release; no public exploit or in-the-wild exploitation was confirmed at the time of the advisory.
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vendor_msrc · 9.8 CRITICAL
Microsoft
HTTP Protocol Stack Remote Code Execution Vulnerability
vendor_msrc·2023-03-14·CVSS 9.8
CVE-2023-23392 [CRITICAL] CWE-416 HTTP Protocol Stack Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023705
Reference: https://support.microsoft.com/help/5023705
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5023698
Reference: https://catalog.update.microsoft.com
GHSA
GHSA-w2mc-hp99-v44h: HTTP Protocol Stack Remote Code Execution Vulnerability
ghsa_unreviewed·2023-03-14
CVE-2023-23392 [CRITICAL] GHSA-w2mc-hp99-v44h: HTTP Protocol Stack Remote Code Execution Vulnerability
No detection rules found.
No public exploits indexed.
Qualys
The March 2023 Patch Tuesday Security Update Review | Qualys
blogs_qualys·2023-03-15·CVSS 9.8
[CRITICAL] The March 2023 Patch Tuesday Security Update Review | Qualys
#### Table of Contents
- Microsoft Patches for March 2023
- Adobe Patches for March 2023
- Zero-day Vulnerabilities Patched in March Patch Tuesday Edition
- Other Critical Severity Vulnerabilities Patched in March Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- Qualys Monthly Webinar Series
- This Month in Vulnerabilities & Patches
Microsoft has released its monthly security update for March 2023. This month’s updates addressed various vulnerabilities in different products. Let’s go through this month’s Patch Tuesday details and discuss
Talos
Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities
blogs_talos·2023-03-14·CVSS 9.8
[CRITICAL] Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company’s hardware and software line, including two issues that are actively being exploited in the wild, continuing a trend of zero-days appearing in Patch Tuesdays over the past few months.
Two of the vulnerabilities included in March’s security update have been exploited in the wild, according to Microsoft, including one critical issue.
In all, eight of the issues disclosed this month are critical, while the remainder — outside of one — is “important.”
A moderate-severity vulnerability that’s already being exploited in the wild is CVE-2023-24880, a security feature bypass vulnerability in Windows SmartScreen, a cloud-based anti-phishing and anti-malware feature included in several Microso
Tenable
Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)
blogs_tenable·2023-03-14·CVSS 9.8
[CRITICAL] Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)
Crowdstrike
March 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] March 2023 Patch Tuesday: Updates and Analysis
arXiv
CTINexus: Automatic Cyber Threat Intelligence Knowledge Graph Construction Using Large Language Models
arxiv_fulltext·2025-04-21
Yutong Cheng (Virginia Tech), Osama Bajaber (Virginia Tech), Saimon Amanuel Tsegai (Virginia Tech), Dawn Song (UC Berkeley), Peng Gao (Virginia Tech)
## Abstract
Textual descriptions in cyber threat intelligence (CTI) reports, such as security articles and news, are rich sources of knowledge about cyber threats, crucial for organizations to stay informed about the rapidly evolving threat landscape. However, current CTI knowledge extraction methods lack flexibility and generalizability, often resulting in inaccurate and incomplete knowledge extraction. Syntax parsing relies on fixed rules and dictionaries, w
Published: 2023-03-14