CVE-2023-36718: 
vulnerability analysis and mitigation

Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability (CVE-2023-36718) was disclosed on October 10, 2023. This vulnerability affects various versions of Microsoft Windows operating systems, including Windows 10 and Windows 11 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. This indicates that the vulnerability requires local access, has high attack complexity, requires low privileges, needs no user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code through the Microsoft Virtual Trusted Platform Module, potentially compromising the security of the affected system (Microsoft Security).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5031377 for Windows 10 1507, KB5031362 for Windows 10 1607, KB5031361 for Windows 10 1809, KB5031356 for Windows 10 21H2/22H2, KB5031358 for Windows 11 21H2, and KB5031354 for Windows 11 22H2 (Rapid7).