Win32k Elevation of Privilege Vulnerability - 20230510002

Overview

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise

What is the vulnerability?

CVE-2023-29336 - CVSS v3 Base Score: 7.8

What is vulnerable?

The vulnerability affects the following products:

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected products: Microsoft - Win32k Elevation of Privilege Vulnerability

Additional References

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336
• https://nvd.nist.gov/vuln/detail/CVE-2023-29336