CVE-2024-20652: 
vulnerability analysis and mitigation

Windows HTML Platforms Security Feature Bypass Vulnerability (CVE-2024-20652) was disclosed on January 9, 2024. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating it is a network-accessible vulnerability with high complexity, requiring no privileges or user interaction, and potentially resulting in high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability could lead to a security feature bypass in Windows HTML Platforms, potentially allowing attackers to compromise affected systems with high impacts on confidentiality, integrity, and availability (Microsoft Advisory).

Microsoft has released security updates to address this vulnerability across multiple affected Windows versions. Updates are available through KB5034134 (Windows 10 1507), KB5034119 (Windows 10 1607), KB5034127 (Windows 10 1809), KB5034122 (Windows 10 21H2/22H2), KB5034121 (Windows 11 21H2), KB5034123 (Windows 11 22H2/23H2), and various other KB articles for Windows Server editions (Rapid7).