CVE-2023-24944: 
vulnerability analysis and mitigation

Windows Bluetooth Driver Information Disclosure Vulnerability, identified as CVE-2023-24944, was disclosed on May 9, 2023. The vulnerability affects various versions of Microsoft Windows including Windows 10 (versions 1809, 20H2, 21H2, 22H2) and Windows 11 (versions 21H2) (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the following vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Microsoft has classified this as a type confusion vulnerability (CWE-843) related to access of resource using incompatible type (NVD).

This vulnerability could lead to information disclosure in the Windows Bluetooth Driver component. The attack requires adjacent network access, and if successfully exploited, could result in unauthorized information disclosure while maintaining system integrity and availability (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5026362 for Windows 10 version 1809, KB5026361 for Windows 10 versions 20H2/21H2/22H2, KB5026368 for Windows 11 version 21H2, and KB5026372 for Windows 11 version 22H2 (Rapid7).