Protect Yourself from this Critical Microsoft Vulnerability

CVECVE-2023-36028
CVSScvssV3_1: 9.8
SourceCVE-2023-36028

Microsoft’s Protected Extensible Authentication Protocol (PEAP) is a security protocol used to securely transmit authentication credentials like usernames and passwords over Wi-Fi and VPN connections. Unfortunately, researchers have discovered a remote code execution vulnerability in PEAP that receives a high CVSS score of 9.8 out of 10 due to its critical impacts.

The vulnerability resides in the way PEAP handles encrypted network packets. A remote attacker could craft a malicious packet and send it to a targeted system using PEAP. This would allow the attacker to execute arbitrary code on the system with the user’s privileges. As PEAP authentications are commonly used for remote access to corporate networks, an exploit of this vulnerability could give an attacker deep access to sensitive systems and data.

The best way to protect yourself is to ensure your Microsoft PEAP implementations have the latest security updates applied. Microsoft has released a patch to address this vulnerability, so installing all available Windows and network driver updates is critical. You should also consider disabling PEAP if it’s not absolutely necessary, and use alternative protocols like TLS if possible. Being vigilant about application security patches is key to avoiding threats like this in the future.

References