CVE-2021-28336: 
vulnerability analysis and mitigation

The Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2021-28336) was identified and disclosed on March 12, 2021. This vulnerability affects multiple Microsoft Windows operating systems, including Windows 10, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and various Windows Server versions (MITRE CVE).

The vulnerability has been assigned a CVSS v3.1 base score indicating high severity with the following metrics: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This translates to a vulnerability that is network accessible, requires low attack complexity, needs low privileges, requires no user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability could allow an attacker to execute remote code on affected systems, potentially compromising the confidentiality, integrity, and availability of the system. The high CVSS scores across all impact metrics (Confidentiality, Integrity, and Availability) indicate the potential for significant system compromise (NVD).

Microsoft has released security updates to address this vulnerability. The fix is available through the Microsoft security advisory and should be applied to all affected systems (Microsoft Advisory).