CVE-2023-28241: 
vulnerability analysis and mitigation

CVE-2023-28241 is a Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service vulnerability that was discovered and disclosed in March 2023. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (Microsoft Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited over the network with low attack complexity and requires no privileges or user interaction (Rapid7).

This vulnerability specifically affects the availability of the system, potentially allowing attackers to cause a denial of service condition. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, the vulnerability can have a high impact on system availability (Rapid7).

Microsoft has released security updates to address this vulnerability across multiple affected versions. The fixes are available through various KB updates including KB5025221, KB5025224, KB5025228, KB5025229, KB5025230, KB5025234, KB5025239, KB5025272, and KB5025288 (Rapid7).