Microsoft recently released the KB5028407 security update for all supported Windows 10, Windows 11, and Windows Server versions. The update focuses on mitigating the vulnerability tracked as CVE-2023-32019.
The vulnerability, discovered by Mateusz Jurczyk, a security researcher on Google’s Project Zero team, allows an authenticated user (attacker) to access memory in a privileged process without elevating to administrator privileges, and thereby extract sensitive information.
CVE-2023-32019 has a score of 4.7/10 (medium), but Microsoft rates it as “important”.
An attacker who successfully exploited the vulnerability could view heap memory from a privileged process running on the server, Microsoft said.
Successful exploitation of this vulnerability would require an attacker to coordinate the attack with another privileged process running on the system as another user.
Microsoft stated that users who want to mitigate the vulnerabilities associated with CVE-2023-32019 need to install the June and subsequent security updates through Windows Update or other means.