CVE-2023-35313: 
vulnerability analysis and mitigation

Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability (CVE-2023-35313) was disclosed on July 11, 2023. This vulnerability affects multiple versions of Microsoft Windows, including Windows 10, Windows 11, and Windows Server editions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Microsoft has classified this as a Use After Free (CWE-416) vulnerability (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on affected systems, potentially gaining the same level of privileges as the compromised application. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as High according to the CVSS metrics (Microsoft).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5028186 for Windows 10 1507, KB5028169 for Windows 10 1607, KB5028168 for Windows 10 1809, KB5028166 for Windows 10 21H2/22H2, KB5028182 for Windows 11 21H2, and KB5028185 for Windows 11 22H2 (Rapid7).