CVE-2023-21691: 
vulnerability analysis and mitigation

Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability (CVE-2023-21691) was disclosed on February 14, 2023. This vulnerability affects various versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) (Microsoft MSRC).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) that could lead to information disclosure. It has been assigned a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating that it is network-accessible, requires low attack complexity, needs no privileges, and can result in high confidentiality impact (NVD).

The vulnerability could allow an attacker to gain unauthorized access to sensitive information through the Protected Extensible Authentication Protocol (PEAP). The high confidentiality impact rating suggests that the vulnerability could lead to significant information disclosure (Rapid7).

Microsoft has released security updates to address this vulnerability across affected Windows versions. Updates are available for Windows 10 (versions 1507 through 22H2), Windows 11 (21H2 and 22H2), and various Windows Server editions including 2012, 2016, 2019, and 2022 (Rapid7).