CVE-2023-23414: 
vulnerability analysis and mitigation

Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability (CVE-2023-23414) was identified and disclosed in January 2023. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions (Microsoft Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. Microsoft has classified this as a CWE-591 vulnerability, which relates to Sensitive Data Storage in Improperly Locked Memory (NVD).

If successfully exploited, this vulnerability could lead to remote code execution with high impacts on confidentiality, integrity, and availability of the affected systems. The attack vector is adjacent (AV:A) requiring user interaction (UI:R) but no privileges (PR:N) (Microsoft Advisory).

Microsoft has released security updates to address this vulnerability across affected versions of Windows. The patches are available for Windows 10 (versions 1507 through 22H2), Windows 11 (21H2 and 22H2), and Windows Server versions 2008 R2 SP1 through 2022 (Microsoft Advisory).