CVE-2023-35363: 
vulnerability analysis and mitigation

Windows Kernel Elevation of Privilege Vulnerability (CVE-2023-35363) was disclosed on July 11, 2023. This vulnerability affects multiple versions of Microsoft Windows, including Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 21H2, 22H2), Windows Server 2019, and Windows Server 2022 (NVD).

The vulnerability has been classified as a Heap-based Buffer Overflow (CWE-122) with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), with high impact on confidentiality (C:H), integrity (I:H), and availability (A:H) (NVD).

This vulnerability could allow an attacker to gain elevated privileges on affected systems. The high CVSS score indicates that successful exploitation could result in significant impacts on system confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5028168 (Windows 10 1809), KB5028166 (Windows 10 21H2/22H2), KB5028182 (Windows 11 21H2), KB5028185 (Windows 11 22H2), and KB5028171 (Windows Server 2022) (Rapid7).