PT-2023-1868 · Microsoft · Windows

Published 2023-03-14 · Updated 2024-05-29 · CVE-2023-23392

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Windows versions prior to the fixed version

Description

The issue stems from insufficient input validation in the HTTP protocol stack implementation, specifically in the http.sys component of Windows operating systems. A remote attacker can exploit it with a specially crafted HTTP/3 request, potentially executing arbitrary code. Because the vulnerability is exploitable remotely, an attacker can impact the system over the network.

Recommendations

For Windows versions prior to the fixed version, apply the necessary patch or update to resolve the issue. As a temporary workaround, consider restricting access to the HTTP/3 protocol until a patch is available. Avoid using the vulnerable HTTP protocol stack implementation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2023-01468
CVE-2023-23392

Affected Products

Windows