CVE-2023-35330 – This vulnerability allows attackers to cause a ... (How to Fix)

Q: What is the severity of CVE-2023-35330?

CVE-2023-35330 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to cause a denial of service (DoS) on Windows systems by exploiting improper handling of extended negotiation in certain protocols. It affects Windows servers and workstations that have vulnerable components enabled. The attack requires network access to the target system.

📋 TL;DR

This vulnerability allows attackers to cause a denial of service (DoS) on Windows systems by exploiting improper handling of extended negotiation in certain protocols. It affects Windows servers and workstations that have vulnerable components enabled. The attack requires network access to the target system.

💻 Affected Systems

Products:

Microsoft Windows

Versions: Multiple Windows versions (specific versions in Microsoft advisory)

Operating Systems: Windows Server, Windows Client

Default Config Vulnerable: ⚠️ Yes

Notes: Requires vulnerable protocol components to be enabled and accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or service disruption requiring reboot, potentially affecting multiple users or critical services.

🟠

Likely Case

Service disruption affecting specific network services, causing temporary unavailability.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring; potential brief service interruption.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Network-based attack requiring no authentication; complexity is low once the vulnerability is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35330

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates from Microsoft. 2. Restart affected systems. 3. Verify patch installation via Windows Update history.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to vulnerable services using firewalls or network segmentation.

Disable Unnecessary Services

windows

Disable affected protocol components if not required for business operations.

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Monitor for unusual network traffic patterns and service disruptions

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security patches related to CVE-2023-35330.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify patch installation via 'systeminfo' command or Windows Update history showing the relevant KB installed.

📡 Detection & Monitoring

Log Indicators:

Unexpected service crashes
Increased error logs from affected protocols
System event logs showing service failures

Network Indicators:

Unusual negotiation patterns in network traffic
Repeated connection attempts to vulnerable ports

SIEM Query:

EventID: 6008 OR EventID: 1000 OR Service crashes with affected protocol names

📊 Metadata

CVE ID: CVE-2023-35330

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-126

Published: July 11, 2023

Last Updated: November 21, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35330 Patch,Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35330 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-35330, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft