CVE-2023-32046
Published 2023-07-11
CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability
Priority P1 · 80 · high · CVSS 3.1: 7.8
CVSS vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2023-08-01
Exploited in the wild (ITW)
EPSS: 9.08% (94.7th percentile)
Windows MSHTML Platform Elevation of Privilege Vulnerability
Affected
38 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20048 | 10.0.10240.20048 |
| microsoft | windows_10_1607 | < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_10_1809 | < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_21h2 | < 10.0.19041.3208 | 10.0.19041.3208 |
| microsoft | windows_10_22h2 | < 10.0.19045.3208 | 10.0.19045.3208 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20048 | 10.0.10240.20048 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3208 | 10.0.19044.3208 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3208 | 10.0.19045.3208 |
| microsoft | windows_11_21h2 | < 10.0.22000.2176 | 10.0.22000.2176 |
| microsoft | windows_11_22h2 | < 10.0.22621.1992 | 10.0.22621.1992 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2176 | 10.0.22000.2176 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.1992 | 10.0.22621.1992 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.26623 | 6.1.7601.26623 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22175 | 6.0.6003.22175 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24374 | 6.2.9200.24374 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21063 | 6.3.9600.21063 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.1850 | 10.0.20348.1850 |
| msrc | windows_10 | — | — |
Detection & IOCs (extracted from sources)
Registry: HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION
- Detect suspicious child processes spawned by Microsoft Office applications on Windows, which may indicate exploitation of CVE-2023-32046 or related vulnerabilities.
- The exploit requires a user to open a specially crafted file delivered via email or a malicious/compromised website. Monitor for Office applications opening files from untrusted locations and subsequently making network connections.
- The IP addresses associated with Storm-0978/RomCom activity are known to host TOR/VPN infrastructure. Monitor outbound connections to these IPs from Office processes.
- The SHA-256 hashes and IP addresses listed are associated with the broader Storm-0978/RomCom campaign (primarily CVE-2023-36884). They are reported alongside CVE-2023-32046 as related IOCs but may not be exclusively tied to CVE-2023-32046 exploitation.
- The MSHTML platform remains active and exploitable even on systems where Internet Explorer 11 has been retired, because it is still used by IE mode in Edge, the WebBrowser control, and other legacy applications.
CVSS provenance
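| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |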
GHSA
GHSA-6g7j-q2fm-9g6r: Windows MSHTML Platform Elevation of Privilege Vulnerability
ghsa_unreviewed·2023-07-11
CVE-2023-32046 [HIGH] GHSA-6g7j-q2fm-9g6r: Windows MSHTML Platform Elevation of Privilege Vulnerability
Windows MSHTML Platform Elevation of Privilege Vulnerability
VulnCheck
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
vulncheck·2023·CVSS 7.8
CVE-2023-32046 [HIGH] Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2023-Jul; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ti.qianxin.com/uploads/2024/02/02/dcc93e586f9028c68e7ab34c3326ff31.pdf
Remediation Due: 2023-08-01
Microsoft
Windows MSHTML Platform Elevation of Privilege Vulnerability
vendor_msrc·2023-07-11·CVSS 7.8
CVE-2023-32046 [HIGH] Windows MSHTML Platform Elevation of Privilege Vulnerability
Windows MSHTML Platform Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker would gain the rights of the user that is running the affected application.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a user open a specially crafted file.
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file d
CISA
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
cisa·2023-07-11·CVSS 7.8
CVE-2023-32046 [HIGH] Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Vulnerability: Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Affected: Microsoft Windows
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32046; https://nvd.nist.gov/vuln/detail/CVE-2023-32046
Remediation Due Date: 2023-08-01
No detection rules found.
No public exploits indexed.
Tenable
Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect
blogs_tenable·2026-05-27
CVE-2023-4966 Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect
## Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect
Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploit
Tenable
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
blogs_tenable·2024-05-14·CVSS 8.8
[HIGH] Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
Qualys
Evaluate Your Windows Endpoints for Storm-0978 Activity With Qualys Endpoint Security
blogs_qualys·2023-07-14·CVSS 7.8
CVE-2023-32046 [HIGH] Evaluate Your Windows Endpoints for Storm-0978 Activity With Qualys Endpoint Security
## Table of Contents
Summary:
Remediation:
Vulnerability Analysis:
Exploit Detection using Qualys EDR:
VMDR:
Related IOCs:
## Summary:
On July 11, Microsoft released security bulletins to fix 132 vulnerabilities. With the July Patch Tuesday, Microsoft also remediated six zero-day vulnerabilities. For your quick reference, the following are the zero-day vulnerabilities:
CVE-2023-32046 – Windows MSHTML Platform Elevation of Privilege Vulnerability
CVE-2023-32049 – Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36874 – Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-36884 – Office and Windows HTML Remote Code Execution Vulnerability
CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability
ADV230001 – Guidance on
Krebs
Apple & Microsoft Patch Tuesday, July 2023 Edition
blogs_krebs·2023-07-12·CVSS 7.8
[HIGH] Apple & Microsoft Patch Tuesday, July 2023 Edition
Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.
On July 10, Apple pushed a “Rapid Security Response” update to fix a code execution flaw in the Webkit browser component built into iOS, iPadOS, and macOS Ventura. Almost as soon as the patch went out, Apple pulled the software because it was reportedly causing problems loading certain websites. MacRumors says Apple will likely re-release the patches when the glitch
Talos
Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild
blogs_talos·2023-07-11·CVSS 7.8
[HIGH] Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild
Microsoft released its monthly security update Tuesday, disclosing the most vulnerabilities as part of Patch Tuesday in more than a year.
The company released details of more than 130 vulnerabilities, the most in a month since April 2022, 10 of which are considered to be critical. The remaining vulnerabilities are “important.”
Microsoft also included an advisory in today’s Patch Tuesday that provides guidance to mitigate Microsoft-signed drivers that attackers are using maliciously in the wild. Talos recently discovered an attack that focuses on drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) being used maliciously in post-exploitation activity. Microsoft had been previously notified of this type of activity in February 2023, and Talos researchers recently rep
Krebs
Apple & Microsoft Patch Tuesday, July 2023 Edition
blogs_krebs·2023-07-11·CVSS 7.8
[HIGH] Apple & Microsoft Patch Tuesday, July 2023 Edition
Qualys
Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review
blogs_qualys·2023-07-11·CVSS 7.8
[HIGH] Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for July 2023
Adobe Patches for July 2023
Zero-day Vulnerabilities Patched in July Patch Tuesday Edition
Other Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
Qualys Monthly Webinar Series
Microsoft has released July’s edition of Patch Tuesday! This installment of security updates addressed 132 security vulnerabilities in various products, features, and roles.
## Microsoft
Tenable
Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs (CVE-2023-36884)
blogs_tenable·2023-07-11·CVSS 7.5
[HIGH] Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs (CVE-2023-36884)
Crowdstrike
July 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2023 Patch Tuesday: Updates and Analysis
2023-07-11: Published
2023-07-11: Added to CISA KEV
Exploited in the wild