CVE-2024-21311: 
vulnerability analysis and mitigation

Windows Cryptographic Services Information Disclosure Vulnerability (CVE-2024-21311) was disclosed on January 9, 2024. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server versions. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) (Microsoft MSRC).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) issue. It has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating that it requires local access, low attack complexity, low privileges, and no user interaction. The vulnerability affects the cryptographic services component of Windows operating systems (NVD).

This vulnerability could lead to information disclosure if successfully exploited. The CVSS scoring indicates high confidentiality impact, while integrity and availability are not affected (Microsoft MSRC).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB articles including KB5034134, KB5034119, KB5034127, KB5034122, KB5034123, and others for different affected Windows versions (Rapid7).