CVE-2023-28297: 
vulnerability analysis and mitigation

Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability, identified as CVE-2023-28297, was discovered and initially recorded on March 13, 2023, with public disclosure on April 11, 2023. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (MITRE CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Microsoft has identified this as a Use After Free (CWE-416) vulnerability in the Windows Remote Procedure Call Service (NVD).

This vulnerability allows an attacker to potentially achieve elevation of privilege through the Windows Remote Procedure Call Service (RPCSS). Given the high CVSS score and the critical nature of the affected component, successful exploitation could lead to complete system compromise with high impacts on confidentiality, integrity, and availability (Rapid7).

Microsoft has released security updates to address this vulnerability across affected systems including Windows 10 (multiple versions), Windows 11, and Windows Server editions. Users are advised to apply the appropriate security patches (KB5022282, KB5022286, KB5022287, KB5022289, KB5022291, KB5022297, KB5022303, KB5022343, KB5022346) for their specific Windows version (Rapid7).