CVE-2023-24901: 
vulnerability analysis and mitigation

Windows NFS Portmapper Information Disclosure Vulnerability (CVE-2023-24901) was identified and disclosed in January 2023. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions. The vulnerability was officially published on May 9, 2023, and has been assigned a CVSS v3.1 base score of 7.5 (HIGH) (Microsoft MSRC).

The vulnerability is classified as a Buffer Over-read (CWE-126) issue that could lead to information disclosure in the Windows NFS Portmapper component. It has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating that it can be exploited remotely with low attack complexity, requires no privileges or user interaction, and primarily impacts confidentiality (NVD).

The vulnerability allows an unauthenticated attacker to potentially obtain sensitive information from the affected system through the Windows NFS Portmapper component. The high confidentiality impact rating in the CVSS score suggests that the vulnerability could lead to significant information disclosure (Microsoft MSRC).

Microsoft has released security updates to address this vulnerability across affected versions of Windows. The fixes are available through various KB articles including KB5026361, KB5026362, KB5026363, KB5026368, KB5026370, KB5026372, KB5026382, KB5026409, and KB5026411 (Rapid7).