CVE-2023-35308: 
vulnerability analysis and mitigation

Windows MSHTML Platform Security Feature Bypass Vulnerability, identified as CVE-2023-35308, was disclosed on July 11, 2023. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L. Microsoft has classified this as a security feature bypass vulnerability, and it has been associated with CWE-73 (External Control of File Name or Path) (NVD).

The vulnerability could allow an attacker to bypass security features in the Windows MSHTML Platform, potentially leading to integrity and availability impacts. According to the CVSS scoring, while there is no impact on confidentiality, there are low impacts on both integrity and availability of the affected systems (NVD).

Microsoft has released security updates to address this vulnerability. The fix was included in the September 2023 security updates for affected systems, including Windows Embedded Compact 2013. Users are advised to apply the security updates to mitigate the vulnerability (Microsoft Support).