CVE-2023-21746: 
vulnerability analysis and mitigation

CVE-2023-21746 is a Windows NTLM Elevation of Privilege Vulnerability that was disclosed on January 10, 2023. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, Windows Server 2012, Windows Server 2016, Windows Server 2019, and Windows Server 2022 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access is required with low attack complexity and privileges required. The vulnerability affects the Windows NTLM authentication system and could allow an attacker to gain elevated privileges (Microsoft MSRC).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on affected systems, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (Rapid7).

Microsoft has released security updates to address this vulnerability. Multiple Knowledge Base (KB) updates are available for affected systems, including KB5022282 for Windows 10, KB5022287 for Windows 11, and KB5022291 for Windows Server 2022 (Rapid7).