CVE-2023-24941
Published: 09 May 2023
Summary
CVE-2023-24941 is a critical-severity Use of Uninitialized Resource (CWE-908) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 2.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-24941 is a remote code execution vulnerability affecting the Windows Network File System component. It carries a CVSS 3.1 base score of 9.8 and is associated with CWE-908.
An unauthenticated attacker can exploit the flaw over the network to execute arbitrary code with high impact on confidentiality, integrity, and availability. No user interaction or privileges are required for successful exploitation.
Microsoft has published an advisory for the issue at the referenced MSRC update guide URL that addresses mitigation steps and available updates. The EPSS score reached a peak of 0.4389 with a current value of 0.4160.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-28928
Vulnerability details
Windows Network File System Remote Code Execution Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.