CVE-2023-32046

CVSS v3.1 7.8 (High)

EPSS 0.19 % (56^th)

Affected Products 12

Advisories 2

Windows MSHTML Platform Elevation of Privilege Vulnerability

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Microsoft Corporation
Published Date: 2023-07-11 18:15:13
(14 months ago)
Updated Date: 2023-07-31 17:48:02
(13 months ago)

Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)

Description: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Known to be Used in Ransomware Campaigns: Unknown
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32046; https://nvd.nist.gov/vuln/detail/CVE-2023-32046

Vendor: Microsoft
Product: Windows
In CISA Catalog from: 2023-07-11
(14 months ago)
Due Date: 2023-08-01
(13 months ago)

Affected Products

Microsoft

Configuration #1

		CPE23	From	Up To
	Microsoft Windows 10 1507 prior 10.0.10240.20048 version	cpe:2.3:o:microsoft:windows_10_1507		< 10.0.10240.20048
	Microsoft Windows 10 1607 prior 10.0.14393.6085 version	cpe:2.3:o:microsoft:windows_10_1607		< 10.0.14393.6085
	Microsoft Windows 10 1809 prior 10.0.17763.4645 version	cpe:2.3:o:microsoft:windows_10_1809		< 10.0.17763.4645
	Microsoft Windows 10 21h2 prior 10.0.19041.3208 version	cpe:2.3:o:microsoft:windows_10_21h2		< 10.0.19041.3208
	Microsoft Windows 10 22h2 prior 10.0.19045.3208 version	cpe:2.3:o:microsoft:windows_10_22h2		< 10.0.19045.3208
	Microsoft Windows 11 21h2 prior 10.0.22000.2176 version	cpe:2.3:o:microsoft:windows_11_21h2		< 10.0.22000.2176
	Microsoft Windows 11 22h2 prior 10.0.22621.1992 version	cpe:2.3:o:microsoft:windows_11_22h2		< 10.0.22621.1992
	Microsoft Windows Server 2008 SP2	cpe:2.3:o:microsoft:windows_server_2008:-:sp2
	Microsoft Windows Server 2008 R2 SP1 on X64	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64
	Microsoft Windows Server 2012	cpe:2.3:o:microsoft:windows_server_2012:-
	Microsoft Windows Server 2012 R2	cpe:2.3:o:microsoft:windows_server_2012:r2
	Microsoft Windows Server 2016	cpe:2.3:o:microsoft:windows_server_2016:-
	Microsoft Windows Server 2019	cpe:2.3:o:microsoft:windows_server_2019:-
	Microsoft Windows Server 2022	cpe:2.3:o:microsoft:windows_server_2022:-