Server 2008 and Windows Server 2012 were added to the affected operating systems table for the Vulnerability CVE-2023-36805. Earlier, these operating systems were not on the list for MSHTML Platform Security Feature Bypass Vulnerability.
Microsoft revised the list of impacted operating systems for Internet Explorer 11 related component MSHTML. Even though Microsoft has announced the retirement of the IE 11 application on certain platforms, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported.
Some Windows versions still support the IE11 browser even after 15 June 2022. This applies mainly to server operating systems such as 2012 and 2008. Microsoft also supports IE mode in the Microsoft Edge browser to help organizations run legacy apps.
Microsoft has also revised the following CVEs recently – CVE-2023-24936, CVE-2023-27909, and CVE-2023-27911. There was an update to PowerShell 7.2, and 7.3 is affected by 5 Critical Vulnerabilities published in September.
- Why a Hotfix to Remove IE Browser App from Windows 10 Devices is Needed
- Disable Internet Explorer Using the Intune Group Policy Browser App
Windows Server 2012 Extended Security Updates (ESUs)
Server 2012 and 2012 R2 are going out of support by the end of October 10, 2023. However, you can still get hotfixes if you purchase Extended Security Updates (ESUs) for Windows Server 2012 and make it secure for some time.
NOTE! – ESUs will continue for three years, renewable annually, until the final date on October 13, 2026.
Server 2012 and Server 2008 Vulnerability
Let’s understand more about the Windows Server 2012 and Server 2008 Vulnerability CVE-2023-36805. This is related to Windows MSHTML, and to stay fully protected, Microsoft recommends that customers who install Security Only updates install the IE Cumulative updates for this vulnerability.
The MSHTML platform is used by IE mode in Microsoft Edge and other applications through WebBrowser control. WebView and some UWP applications use the EdgeHTML platform.
FIX Windows Server 2012 and Server 2008 Vulnerability using KB5030209
Microsoft also released a fix for this vulnerability with 2008 and 2012 server operating systems. You can install the IE CU for September 2023 – KB5030209.
FIX: Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates.
- Internet Explorer 11 on Windows Server 2012 R2
- Internet Explorer 11 on Windows Server 2012
- Internet Explorer 11 on Windows Server 2008 R2 SP1
Author
Sumitha was introduced to the world of computers when she was very young. She loves to help users with their Windows 11 and related queries. She is here to share quick news, tips and tricks with Windows security.