Windows Server 2012 Vulnerability MSHTML Platform Security Feature Bypass

Server 2008 and Windows Server 2012 were added to the affected operating systems table for the Vulnerability CVE-2023-36805. Earlier, these operating systems were not on the list for MSHTML Platform Security Feature Bypass Vulnerability.

Microsoft revised the list of impacted operating systems for Internet Explorer 11 related component MSHTML. Even though Microsoft has announced the retirement of the IE 11 application on certain platforms, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported.

Some Windows versions still support the IE11 browser even after 15 June 2022. This applies mainly to server operating systems such as 2012 and 2008. Microsoft also supports IE mode in the Microsoft Edge browser to help organizations run legacy apps.

Microsoft has also revised the following CVEs recently – CVE-2023-24936CVE-2023-27909, and CVE-2023-27911. There was an update to PowerShell 7.2, and 7.3 is affected by 5 Critical Vulnerabilities published in September.

Patch My PC
Windows Server 2012 Vulnerability MSHTML Platform Security Feature Bypass Fig.1
Windows Server 2012 Vulnerability MSHTML Platform Security Feature Bypass Fig.1

Windows Server 2012 Extended Security Updates (ESUs)

Server 2012 and 2012 R2 are going out of support by the end of October 10, 2023. However, you can still get hotfixes if you purchase Extended Security Updates (ESUs) for Windows Server 2012 and make it secure for some time.

NOTE! – ESUs will continue for three years, renewable annually, until the final date on October 13, 2026.

Adaptiva
Windows Server 2012 Vulnerability MSHTML Platform Security Feature Bypass 1
Windows Server 2012 Vulnerability MSHTML Platform Security Feature Bypass Fig.2

Server 2012 and Server 2008 Vulnerability

Let’s understand more about the Windows Server 2012 and Server 2008 Vulnerability CVE-2023-36805. This is related to Windows MSHTML, and to stay fully protected, Microsoft recommends that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.

The MSHTML platform is used by IE mode in Microsoft Edge and other applications through WebBrowser control. WebView and some UWP applications use the EdgeHTML platform.

Windows Server 2012 Vulnerability MSHTML Platform Security Feature Bypass Fig.3
Windows Server 2012 Vulnerability MSHTML Platform Security Feature Bypass Fig.3

FIX Windows Server 2012 and Server 2008 Vulnerability using KB5030209

Microsoft also released a fix for this vulnerability with 2008 and 2012 server operating systems. You can install the IE CU for September 2023 – KB5030209.

FIX: Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates.

  • Internet Explorer 11 on Windows Server 2012 R2
  • Internet Explorer 11 on Windows Server 2012
  • Internet Explorer 11 on Windows Server 2008 R2 SP1

Author

Sumitha was introduced to the world of computers when she was very young. She loves to help users with their Windows 11 and related queries. She is here to share quick news, tips and tricks with Windows security.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.