CVE-2021-28343: 
vulnerability analysis and mitigation

CVE-2021-28343 is a Remote Procedure Call Runtime Remote Code Execution Vulnerability affecting Microsoft Windows systems. The vulnerability was first published on April 13, 2021, and has been assigned a CVSS v3.1 score indicating significant severity (Rapid7, NVD).

The vulnerability has been assigned a CVSS v3.1 base score with the following metrics: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and requiring low privileges with no user interaction. This CVE is unique and distinct from multiple other CVEs including CVE-2021-28327 through CVE-2021-28434 (NVD).

The vulnerability could allow an attacker to execute remote code on affected systems, potentially compromising the confidentiality, integrity, and availability of the targeted system (Rapid7).

Microsoft has released security updates to address this vulnerability across multiple Windows versions including Windows 10 (versions 1507, 1607, 1803, 1809, 1909, 2004, 20H2), Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. The fixes are available through various KB updates including KB5001330, KB5001337, KB5001339, KB5001342, KB5001347, KB5001383, and KB5001393 (Rapid7).