PT-2023-5126 · Microsoft · Windows 11 +1

Carrot_C4K3 +4 · Published 2023-09-12 · Updated 2025-01-18 · CVE-2023-38146

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Windows 11 (affected versions not specified)

Description

The vulnerability is related to insufficient input validation in the Windows Themes component, allowing remote attackers to execute arbitrary code on the system. This can occur when a user opens a malicious .THEME file. The issue has been exploited in real-world incidents, with proof-of-concept exploit code published. A successful exploit could grant attackers complete control over the victim's system, allowing them to install malware, steal sensitive data, or launch further attacks within the network.

Recommendations

To resolve the issue, install Microsoft's September 2023 security updates as soon as possible to protect your system from attacks. The updates are available through Windows Update and the Microsoft Update Catalog. As a temporary workaround, consider avoiding the use of .THEME files from untrusted sources until the issue is resolved.

Exploit · Fix · RCE · DoS

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

BDU:2023-05717
CVE-2023-38146

Affected Products

Windows
Windows 11