Win32k Elevation of Privilege Vulnerability
CVE-2023-29336

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 1507
Windows 10 Version 1607
Windows Server 2016
Windows Server 2016 (server Core Installation)
Vendor
CVE Published:
9 May 2023

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 76%πŸ¦… CISA ReportedπŸ“° News Worthy

Summary

The Win32k elevation of privilege vulnerability affects multiple versions of Microsoft Windows. This vulnerability arises from improper handling of objects in memory, which may allow an attacker to execute arbitrary code with elevated privileges. A successful exploit could lead to significant consequences, including unauthorized access to sensitive information and the ability to manipulate system functions. Proper updates and patch management are essential to mitigate the risks associated with this vulnerability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.19926

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.5921

Windows Server 2008 Service Pack 2 x64-based Systems 6.0.6003.0 < 6.0.6003.22070

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-29336
Created by m-cetin

News Articles

favicon imageHelp Net Security

Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit (CVE-2023-29336, CVE-2023-24932) - Help Net Security

Microsoft delivers patch for Windows bug (CVE-2023-29336) and Secure Boot bypass flaw (CVE-2023-24932) exploited by attackers.

favicon imageThe Register

Microsoft warns of two bugs under active exploit

Patch Tuesday May's Patch Tuesday brings some good and some bad news, and if you're a glass-half-full type, you'd lead off with Microsoft's relatively low number of security fixes: a mere 38. Your humble...

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

76% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • πŸ“°

    First article discovered by The Register

  • Vulnerability published

  • Vulnerability Reserved

.