CVE-2023-36428: 
vulnerability analysis and mitigation

Microsoft Local Security Authority Subsystem Service (LSASS) Information Disclosure Vulnerability (CVE-2023-36428) was disclosed on November 14, 2023. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server versions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. It is classified as CWE-125 (Out-of-bounds Read) by Microsoft Corporation. The vulnerability requires local access and low privileges to exploit, with potential for high confidentiality impact but no impact on integrity or availability (NVD).

This vulnerability could allow an attacker to obtain sensitive information from the Local Security Authority Subsystem Service. The impact is limited to information disclosure with no compromise to system integrity or availability (Rapid7).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB articles including KB5032189, KB5032190, KB5032192, KB5032196, KB5032197, KB5032198, KB5032199, KB5032202, KB5032247, and KB5032249 (Rapid7).