Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

On April 12, 2023 Microsoft has released Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-28250)

Affected Systems

• cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* Up to (excluding)
10.0.10240.19869
• cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* Up to (excluding)
10.0.14393.5850
• cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* Up to (excluding)
10.0.17763.4252
• cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:* Up to (excluding)
10.0.19042.2846
• cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* Up to (excluding)
10.0.19044.2846
• cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* Up to (excluding)
10.0.19045.2846
• cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* Up to (excluding)
10.0.22000.1817
• cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* Up to (excluding)
10.0.22621.1555
• cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
• cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*

IoC’s

-

Recommended Solution(s)

-

Mitigations

-

CVE / CWE

CVE-2023-28250

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2023-28250
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28250

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.