CVE-2023-35630
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on systems with Internet Connection Sharing (ICS) enabled by sending specially crafted packets. It affects Windows systems where ICS is configured, potentially allowing attackers to take full control of vulnerable machines. The vulnerability requires network access to the target system.
💻 Affected Systems
- Windows 10
- Windows 11
- Windows Server 2019
- Windows Server 2022
📦 What is this software?
Windows 10 1507 by Microsoft
Windows 10 1607 by Microsoft
Windows 10 1809 by Microsoft
Windows 10 21h2 by Microsoft
Windows 10 22h2 by Microsoft
Windows 11 21h2 by Microsoft
Windows 11 22h2 by Microsoft
Windows 11 23h2 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative privileges, enabling data theft, ransomware deployment, or creation of persistent backdoors.
Likely Case
Remote code execution leading to malware installation, credential harvesting, or lateral movement within the network.
If Mitigated
Limited impact due to network segmentation, ICS disabled, or proper patching preventing exploitation.
🎯 Exploit Status
Microsoft rates this as 'Exploitation More Likely' in their advisory. Attack complexity is low once network access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: December 2023 security updates (KB5033375 for Windows 10, KB5033372 for Windows 11, etc.)
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630
Restart Required: Yes
Instructions:
1. Apply December 2023 Windows security updates via Windows Update. 2. For enterprise environments, deploy updates through WSUS or Microsoft Endpoint Configuration Manager. 3. Restart systems after update installation.
🔧 Temporary Workarounds
Disable Internet Connection Sharing
windowsTurn off the ICS feature to eliminate the attack surface
netsh wlan set hostednetwork mode=disallow
Disable ICS in Network Connections settings
Network Segmentation
allIsolate systems with ICS enabled from untrusted networks
🧯 If You Can't Patch
- Disable Internet Connection Sharing on all affected systems
- Implement strict network access controls to limit traffic to ICS-enabled systems
🔍 How to Verify
Check if Vulnerable:
Check if December 2023 security updates are installed via 'winver' command or Windows Update history. Verify ICS status in Network Connections.Check Version:
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"Verify Fix Applied:
Confirm KB5033375 (Windows 10) or KB5033372 (Windows 11) is installed via 'systeminfo' command or Windows Update.📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing ICS service crashes
- Security logs with unexpected network service activity
- Process creation events from ICS-related services
Network Indicators:
- Unusual traffic to ICS service ports
- Malformed packets targeting ICS components
- Network scanning for ICS-enabled systems
SIEM Query:
source="Windows Security" AND (event_id=4688 OR event_id=4625) AND process_name="svchost.exe" AND service_name="SharedAccess"