CVE-2023-28250
Published: 11 April 2023
Summary
CVE-2023-28250 is a critical-severity Wrap or Wraparound (CWE-191) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 9.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-28250 is a remote code execution vulnerability in the Windows Pragmatic General Multicast (PGM) component, assigned a CVSS 3.1 base score of 9.8. It is associated with CWE-191 and was publicly disclosed on 11 April 2023.
An unauthenticated attacker can exploit the flaw over a network connection without user interaction, achieving full compromise of confidentiality, integrity, and availability on affected Windows systems.
Microsoft has published remediation guidance for the issue in its security update guide. The EPSS score has remained flat at 0.0534 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-31958
Vulnerability details
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.