CVE-2023-32035: 
vulnerability analysis and mitigation

A Remote Procedure Call Runtime Denial of Service Vulnerability identified as CVE-2023-32035 was discovered affecting Microsoft Windows systems. The vulnerability was initially reported on May 1, 2023, and publicly disclosed on July 11, 2023. The vulnerability affects multiple versions of Microsoft Windows including Windows 10, Windows 11, and various Windows Server editions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, while Microsoft Corporation assessed it with a score of 6.5 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-125 (Out-of-bounds Read) by Microsoft Corporation (NVD).

The vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. If successfully exploited, it can result in a denial of service condition in the Remote Procedure Call Runtime (NVD).

Microsoft has released security updates to address this vulnerability across affected Windows versions. Updates are available for Windows 10 (versions 1507 through 22H2), Windows 11 (21H2 and 22H2), and Windows Server versions (2008 through 2022) (Rapid7).