CVE-2023-35633: 
vulnerability analysis and mitigation

Windows Kernel Elevation of Privilege Vulnerability (CVE-2023-35633) was disclosed on December 12, 2023. This vulnerability affects multiple Windows operating systems including Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2012 R2. The vulnerability is related to improper handling of Windows Registry Predefined-handle keys (MSRC, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially impacting confidentiality, integrity, and availability at high levels. Microsoft has classified this as a CWE-59 type vulnerability, which relates to Improper Link Resolution Before File Access ('Link Following') (NVD).

Successful exploitation of this vulnerability could allow an attacker to achieve elevation of privilege within the context of the vulnerable system, potentially gaining higher-level permissions on the affected Windows system (FortiGuard).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the most recent upgrades or patches available through the Microsoft Security Update Guide (MSRC).