CVE-2023-35315
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by sending specially crafted packets to the Layer-2 Bridge Network Driver. It affects Windows systems with the Layer-2 Bridge feature enabled, potentially allowing attackers to take full control of vulnerable systems.
💻 Affected Systems
- Windows Server
- Windows Client
📦 What is this software?
- Windows 10 1809 by Microsoft
- Windows 10 21H2 by Microsoft
- Windows 10 22H2 by Microsoft
- Windows 11 21H2 by Microsoft
- Windows 11 22H2 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise leading to data theft, ransomware deployment, lateral movement within networks, and persistent backdoor installation.
Likely Case
Remote code execution leading to system compromise, credential harvesting, and installation of malware or persistence mechanisms.
If Mitigated
Limited impact with proper network segmentation, firewall rules blocking unnecessary protocols, and endpoint protection detecting exploit attempts.
🎯 Exploit Status
Exploitation requires network access to the vulnerable system and knowledge of Layer-2 Bridge protocols. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: July 2023 security updates
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35315
Restart Required: Yes
Instructions:
1. Apply the July 2023 Windows security updates via Windows Update.
2. For enterprise environments, deploy the updates through WSUS, SCCM, or Intune.
3. Restart systems after patch installation.
🔧 Temporary Workarounds
Disable Layer-2 Bridge
Windows: Disable the network bridge if it is not required. List the adapters that belong to the bridge and their IDs with 'netsh bridge show adapter', then disable each one:
netsh bridge set adapter 1 state=disable
netsh bridge set adapter 2 state=disable
The Network Bridge connection can also be deleted from Network Connections (ncpa.cpl).
Network Segmentation
All platforms: Isolate systems with Layer-2 Bridge enabled from untrusted networks.
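The same workaround expressed in PowerShell, as an added example that is not part of the advisory: it looks up which adapters are bound to the Windows bridge driver and unbinds them. It assumes the bridge driver's binding component ID is 'ms_bridge' (check the output of Get-NetAdapterBinding on your build before relying on it) and runs as a dry run until $Apply is set.

```powershell
# Added example, not from the advisory. Run from an elevated PowerShell session.
# ASSUMPTION: the bridge driver binds to adapters under component ID 'ms_bridge';
# confirm with: Get-NetAdapterBinding | Where-Object DisplayName -match 'Bridge'
$BridgeComponent = 'ms_bridge'
$Apply = $false   # set to $true to actually unbind; $false only reports

# Find every adapter on which the bridge binding is currently enabled.
$bound = Get-NetAdapterBinding -ComponentID $BridgeComponent -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled }

if (-not $bound) {
    Write-Output "No adapter is bound to $BridgeComponent; nothing to disable."
    return
}

foreach ($binding in $bound) {
    Write-Output ("Bridge binding enabled on adapter '{0}' ({1})" -f $binding.Name, $binding.DisplayName)
    if ($Apply) {
        # Unbinding the bridge driver removes the adapter from the Layer-2 bridge.
        Disable-NetAdapterBinding -Name $binding.Name -ComponentID $BridgeComponent -Confirm:$false
        Write-Output "  -> binding disabled"
    }
}

# Re-check so the change is visible in the same run.
if ($Apply) {
    Get-NetAdapterBinding -ComponentID $BridgeComponent -ErrorAction SilentlyContinue |
        Select-Object Name, DisplayName, Enabled | Format-Table -AutoSize
}
```

Keep $Apply at $false on a first pass so you can see exactly which adapters would lose their bridge binding; a host that is itself reachable only through the bridged segment will drop off the network when the binding is removed.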
🧯 If You Can't Patch
- Disable Layer-2 Bridge feature on all affected systems
- Implement strict network firewall rules to block unnecessary Layer-2 traffic from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check whether a Layer-2 Bridge is enabled via 'netsh bridge show adapter' and confirm the Windows version has not yet received the July 2023 security updates.
Check Version:
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
Verify Fix Applied:
Confirm the July 2023 security updates are installed via the hotfix list in 'systeminfo' or the Windows Update history.
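A PowerShell check that combines the three verification steps above, added here as an example and not taken from the advisory: it reports the OS build, looks for the update in the installed hotfix list (the same data 'systeminfo' shows), and checks whether any adapter is bound to the bridge driver. The KB number is a placeholder to be filled in from the MSRC advisory for your build, and the 'ms_bridge' component ID is an assumption to verify locally.

```powershell
# Added example, not from the advisory.
# PLACEHOLDER: replace with the July 2023 cumulative-update KB for this OS build (see MSRC advisory).
$PatchKB = 'KB<FILL-FROM-MSRC>'
# ASSUMPTION: bridge driver binding component ID.
$BridgeComponent = 'ms_bridge'

# 1. OS name and full build number (build.UBR, which is what the update guide keys on).
$os  = Get-CimInstance Win32_OperatingSystem
$ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
Write-Output ("OS: {0}  Version: {1}.{2}" -f $os.Caption, $os.Version, $ubr)

# 2. Is the patch present in the installed-hotfix list?
$patched = [bool](Get-HotFix -ErrorAction SilentlyContinue | Where-Object HotFixID -eq $PatchKB)
Write-Output ("{0} installed: {1}" -f $PatchKB, $patched)

# 3. Is any adapter bound to the Layer-2 bridge driver?
$bridgeEnabled = [bool](Get-NetAdapterBinding -ComponentID $BridgeComponent -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled })
Write-Output ("Layer-2 bridge binding enabled: {0}" -f $bridgeEnabled)

# Verdict: exposed only when the bridge is in use AND the update is missing.
if ($bridgeEnabled -and -not $patched) {
    Write-Output 'RESULT: likely VULNERABLE (bridge enabled, update not found) - patch or disable the bridge.'
} elseif ($bridgeEnabled) {
    Write-Output 'RESULT: bridge enabled but update present - confirm a restart has completed.'
} else {
    Write-Output 'RESULT: bridge not in use on this host.'
}
```

Get-HotFix only lists updates that registered as hotfixes; if the KB does not appear there but Windows Update history shows it, trust the build.UBR number against the advisory rather than the hotfix list alone.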
📡 Detection & Monitoring
Log Indicators:
- Unusual network bridge activity in Windows Event Logs
- Failed bridge connection attempts
- Unexpected driver loading events
Network Indicators:
- Unusual Layer-2 protocol traffic to Windows systems
- Suspicious bridge protocol data units (BPDUs)
SIEM Query:
(EventID=7036 AND ServiceName="Bridge") OR (EventID=10000 AND Source="NetBT")
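For a host without a SIEM, the same two event selections can be pulled from the local System log with Get-WinEvent, as in this added example (not from the advisory). Event 7036 is the Service Control Manager's service state-change event, so the query filters its message text for the bridge; the NetBT 10000 filter mirrors the second half of the SIEM query as the advisory states it, and the 7-day window is an arbitrary choice.

```powershell
# Added example, not from the advisory. Reads the local System log.
$since = (Get-Date).AddDays(-7)   # look-back window, adjust as needed

# Service Control Manager 7036 = "service entered the running/stopped state";
# keep only entries that mention the bridge service.
$bridgeEvents = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7036
        StartTime    = $since
    } -ErrorAction SilentlyContinue | Where-Object { $_.Message -match 'Bridge' })

# NetBT event 10000, as named in the SIEM query above.
$netbtEvents = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'NetBT'
        Id           = 10000
        StartTime    = $since
    } -ErrorAction SilentlyContinue)

$hits = $bridgeEvents + $netbtEvents | Sort-Object TimeCreated
Write-Output ("{0} bridge state changes, {1} NetBT 10000 events since {2}" -f
    $bridgeEvents.Count, $netbtEvents.Count, $since)

$hits | Select-Object TimeCreated, Id, ProviderName,
    @{ Name = 'Message'; Expression = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

A bridge service starting on a host where no bridge is supposed to exist is the interesting case; on hosts that legitimately run a bridge, baseline the normal start/stop cadence first so that only out-of-pattern state changes are escalated.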