Microsoft QUIC Denial of Service Vulnerability
CVE-2023-36435

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Powershell 7.3; Windows Server 2022; Windows 11 Version 21h2; Windows 11 Version 22h2
Vendor: CVE Published:; 10 October 2023

Summary

A vulnerability in Microsoft QUIC could allow an attacker to exploit the service, leading to a denial of service condition. This could disrupt network functions and affect system performance. It is crucial for users and administrators to apply the recommended updates and mitigations to safeguard against potential exploitation.

Affected Version(s)

.NET 7.0 Unknown 7.0.0 < 7.0.13

PowerShell 7.3 Unknown 7.3.0 < 7.3.9

Windows 11 version 21H2 x64-based Systems 10.0.0 < 10.0.22000.2538

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Jun 21, 2023