CVE-2023-35378: 
vulnerability analysis and mitigation

Windows Projected File System Elevation of Privilege Vulnerability (CVE-2023-35378) was identified and disclosed on June 14, 2023. This vulnerability affects multiple versions of Microsoft Windows, including Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 21H2, 22H2), Windows Server 2019, and Windows Server 2022 (NVD CVE).

The vulnerability is classified as a race condition vulnerability, specifically a Time-of-check Time-of-use (TOCTOU) race condition. It has been assigned CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) and CWE-367 (Time-of-check Time-of-use Race Condition). Microsoft has assessed the severity with a CVSS v3.1 base score of 7.0 (High), with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD CVE).

The vulnerability could allow an attacker to gain elevated privileges on affected systems. Given the CVSS scoring, successful exploitation could result in high impacts on confidentiality, integrity, and availability of the affected systems (NVD CVE).

Microsoft has released security updates to address this vulnerability. The fixes are available through Windows Update for all affected versions of Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022 (Microsoft Advisory).