CVE-2023-35384: 
vulnerability analysis and mitigation

Windows HTML Platforms Security Feature Bypass Vulnerability (CVE-2023-35384) was disclosed on August 8, 2023. This vulnerability affects multiple versions of Microsoft Windows including Windows 10, Windows 11, and Windows Server installations (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. Microsoft Corporation assessed it with a slightly lower CVSS score of 5.4 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-73 (External Control of File Name or Path) (NVD).

The vulnerability could allow an attacker to bypass security features in Windows HTML Platforms, potentially leading to integrity and availability impacts. According to the CVSS scoring, while there is no direct impact on confidentiality, there could be high impacts on integrity when successfully exploited (NVD).

Microsoft has released security updates to address this vulnerability. Multiple KB updates are available for affected systems including KB5029259 for Windows 10 1507, KB5029242 for Windows 10 1607, KB5029247 for Windows 10 1809, KB5029244 for Windows 10 21H2/22H2, KB5029253 for Windows 11 21H2, and KB5029263 for Windows 11 22H2 (Rapid7).