CVE-2023-21708
Published: 14 March 2023
Summary
CVE-2023-21708 is a critical-severity Integer Underflow (Wrap or Wraparound) (CWE-191) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 5.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-21708 is a remote code execution vulnerability in the Remote Procedure Call Runtime. It is assigned a CVSS v3.1 base score of 9.8, reflecting a network attack vector, low attack complexity, and no requirement for privileges or user interaction. The weakness is tracked under CWE-191 and was published on 14 March 2023.
An unauthenticated remote attacker can send specially crafted RPC messages to trigger the flaw, resulting in arbitrary code execution with full impact on confidentiality, integrity, and availability of the affected system.
Microsoft security advisories at the referenced update guide URL describe available patches and mitigation guidance for the vulnerability.
The associated EPSS score has remained flat at a peak of 0.1393 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-25875
Vulnerability details
Remote Procedure Call Runtime Remote Code Execution Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.