# CVE-2023-35628: Windows MSHTML Platform Remote Code Execution Vulnerability
Published 2023-12-12
Severity: HIGH · CVSS 3.1 base score 8.1
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
## Affected
42 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20345 | 10.0.10240.20345 |
| microsoft | windows_10_1607 | < 10.0.14393.6529 | 10.0.14393.6529 |
| microsoft | windows_10_1809 | < 10.0.17763.5206 | 10.0.17763.5206 |
| microsoft | windows_10_21h2 | < 10.0.19041.3803 | 10.0.19041.3803 |
| microsoft | windows_10_22h2 | < 10.0.19045.3803 | 10.0.19045.3803 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20345 | 10.0.10240.20345 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.6529 | 10.0.14393.6529 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.5206 | 10.0.17763.5206 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.5206 | 10.0.17763.5206 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19041.3803 | 10.0.19041.3803 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3803 | 10.0.19045.3803 |
| microsoft | windows_11_21h2 | < 10.0.22000.2652 | 10.0.22000.2652 |
| microsoft | windows_11_22h2 | < 10.0.22621.2861 | 10.0.22621.2861 |
| microsoft | windows_11_23h2 | < 10.0.22631.2861 | 10.0.22631.2861 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2652 | 10.0.22000.2652 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.2861 | 10.0.22621.2861 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22621.2861 | 10.0.22621.2861 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.2861 | 10.0.22631.2861 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.26864 | 6.1.7601.26864 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24614 | 6.2.9200.24614 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21715 | 6.3.9600.21715 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6529 | 10.0.14393.6529 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.5206 | 10.0.17763.5206 |
GHSA
GHSA-rx7r-r3h4-3r66: Windows MSHTML Platform Remote Code Execution Vulnerability
ghsa_unreviewed·2023-12-12
CVE-2023-35628 [HIGH] GHSA-rx7r-r3h4-3r66: Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft
Windows MSHTML Platform Remote Code Execution Vulnerability
vendor_msrc·2023-12-12·CVSS 8.1
CVE-2023-35628 [HIGH] CWE-416 Windows MSHTML Platform Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).
FAQ: According to the CVSS Metric, the attack complexity is high (AC:H). What does
Suricata
ET HUNTING Microsoft Windows MSHTML Platform Remote Code Execution (CVE-2023-35628)
suricata·2025-01-21·CVSS 8.1
CVE-2023-35628 [HIGH] ET HUNTING Microsoft Windows MSHTML Platform Remote Code Execution (CVE-2023-35628)
Rule:
```
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING Microsoft Windows MSHTML Platform Remote Code Execution (CVE-2023-35628)"; flow:established,to_client; http.response_body; content:"file|3a 2f 2f 2e 2f|UNC|2f|C|3a 2f|"; reference:url,www.akamai.com/blog/security-research/critical-vulnerability-create-uri-remote-code-execution; reference:cve,2023-35628; classtype:bad-unknown; sid:2059362; rev:1; metadata:affected_product Windows_11, affected_product Windows_Server_2019, affected_product Windows_Server_2022, affected_product Windows_Server_2016, affected_product Windows_10, affected_product Windows_Server_2012, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_01_21, cve
```
No public exploits indexed.
Greynoiseio
GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
blogs_greynoiseio·2025-02-26·CVSS 9.8
[CRITICAL] GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
Qualys
Defense Lessons From the Black Basta Ransomware Playbook
blogs_qualys·2025-02-25
Defense Lessons From the Black Basta Ransomware Playbook
## Table of Contents
- Know Your Enemy's Playbook
- Attackers Move Fast
- How Qualys Can Help
The cybersecurity world was rocked last week by a massive leak of Black Basta’s internal communications that emerged from the group’s chat logs. Triggered by internal conflicts and a retaliatory data dump following attacks on Russian banks, the exposed records offer a rare glimpse into Black Basta’s tactics, operations, and leadership.
We’ve analyzed these newly unveiled tactics, and in this blog, we equip security teams with clear, actionable insights. We aim to highlight the key lessons learned—like immediate patching, tighter access controls, and rapid incident response—and provide an urgent call to action. This practical guide aims to help organizations strengthen their defenses against evolving
Tenable
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
blogs_tenable·2024-05-14·CVSS 8.8
[HIGH] Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
Krebs
Microsoft Patch Tuesday, December 2023 Edition
blogs_krebs·2023-12-13·CVSS 8.1
[HIGH] Microsoft Patch Tuesday, December 2023 Edition
The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device with little or no help from users.
Among the critical bugs quashed this month is CVE-2023-35628, a weakness present in Windows 10 and later versions, as well as Microsoft Server 2008 and later. Kevin Breen, senior director of threat research at Immersive Labs, said the flaw affects MSHTML
Trendmicro
The December 2023 Security Update Review
blogs_trendmicro·2023-12-12
The December 2023 Security Update Review
By: Zero Day Initiative
2023/12/12
It’s the final patch Tuesday of 2023, and Apple, Adobe, and Microsoft have released their latest security offerings. Take a break from your holiday hustle and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
Apple Patches for December 2023
Apple kicked off the December release cycle with patches for iOS and iPadOS with eight CVEs. Two of these CVEs in Webkit are reported as being under active attack on iOS versions 16.7.1 and older. If you’re using an older iPhone or iPad, you should definitely update your device immediately. If you’re using a dev
Tenable
Microsoft’s December 2023 Patch Tuesday Addresses 33 CVEs (CVE-2023-36019)
blogs_tenable·2023-12-12·CVSS 9.6
[CRITICAL] Microsoft’s December 2023 Patch Tuesday Addresses 33 CVEs (CVE-2023-36019)
Qualys
Microsoft and Adobe Patch Tuesday, December 2023 Security Update Review
blogs_qualys·2023-12-12
Microsoft and Adobe Patch Tuesday, December 2023 Security Update Review
## Table of Contents
- Microsoft Patch Tuesday for December 2023
- Adobe Patches for December 2023
- Zero-day Vulnerability Patched in December Patch Tuesday Edition
- Other Critical Severity Vulnerabilities Patched in December Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- Qualys Monthly Webinar Series
Microsoft has wrapped up the year with fewer security updates released in its Patch Tuesday, December 2023 edition. We invite you to join us to review and discuss the details of these security updates and patches.
## Microsoft Patch Tuesday for December 2023
In this month’s Patch Tuesday edition, Microsoft ha
Talos
Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed
blogs_talos·2023-12-12·CVSS 8.1
[HIGH] Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed
Microsoft’s monthly security update released Tuesday is the company’s lightest in four years, including only 33 vulnerabilities.
Perhaps more notable is that there are no zero-day vulnerabilities included in December’s Patch Tuesday, a rarity for Microsoft this year. The company’s regular set of advisories has included a vulnerability that’s been actively exploited in the wild in 10 months this year.
However, there are four critical vulnerabilities for which Microsoft released patches, three of which could lead to remote code execution. The remainder of this month’s vulnerabilities are considered “important.” Thirty-three vulnerabilities is the lowest number included in a Patch Tuesday since December 2019.
Two of the critical vulnerabilities are CVE-2023-35630 and CVE-2023-35641, which exis
Bleepingcomputer
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
blogs_bleepingcomputer·2023-12-12·CVSS 5.5
[MEDIUM] Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
By Lawrence Abrams
- 10 Elevation of Privilege Vulnerabilities
- 8 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 5 Spoofing Vulnerabilities
The total count of 34 flaws does not include 8 Microsoft Edge flaws fixed on December 7th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5033375 cumulative update and Windows 10 KB5033372 cumulative update.
## One publicly disclosed zero-day fixed
This month's Patch Tuesday fixes one AMD zero-day vulnerability disclosed in August that previously remained unpatched.
The 'CVE-2023-20588 - AMD: CVE-2023-20588 AMD Speculative Leaks' vul
Sentinelone
Black Basta
blogs_sentinelone·2022-11-30
Black Basta
# Black Basta Ransomware: In-Depth Analysis, Detection, and Mitigation
## Summary of Black Basta Ransomware
Black Basta first emerged in early 2022. The ransomware family is an evolution of the Hermes/Ryuk/Conti families. Black Basta was heavily advertised in underground cybercrime markets. Black Basta practices double extortion, demanding payment for a decryptor as well as for the non-release of stolen data. There are Windows and Linux variants of Black Basta ransomware. The group is responsible for hundreds of attacks against global targets across varying sectors.
February 2025 Update: Nearly a year’s worth of Black Basta chat logs have been released on Telegram, providing detailed insight into the group's operational workflow, reconnaissance activities, and specific userID and details o
Crowdstrike
December 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] December 2023 Patch Tuesday: Updates and Analysis
Published: 2023-12-12