Microsoft Win32k Privilege Escalation Vulnerability - 20230626001
Overview
The kernel-mode driver in multiple versions of Microsoft Windows allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability".
What is the vulnerability?
CWE-264 - Permissions, Privileges, and Access Controls
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit the vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
The following table lists the Common Vulnerabilities and Exposures (CVE) entry for each vulnerability, together with Microsoft's disclosure and exploitation status at the time of the bulletin:
Vulnerability title | CVE number | Publicly disclosed | Exploited |
---|---|---|---|
Win32k Elevation of Privilege Vulnerability | CVE-2016-0143 | No | No |
Win32k Elevation of Privilege Vulnerability | CVE-2016-0165 | No | Yes |
Win32k Elevation of Privilege Vulnerability | CVE-2016-0167 | No | Yes |
What is vulnerable?
These vulnerabilities affect the following products:
- Microsoft Windows Vista SP2
- Windows Server 2008 SP2 and Windows Server 2008 R2 SP1
- Windows 7 SP1
- Windows 8.1 and Windows RT 8.1
- Windows Server 2012 Gold and Windows Server 2012 R2
- Windows 10 Gold (1507) and Windows 10 1511
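The check below is an added example and is not part of the WA SOC advisory or of Microsoft's guidance. It reports whether the local host runs one of the OS builds in the affected list above (build numbers taken from the product names, not from the advisory) and whether the security update you expect is recorded as installed. The KB number is a parameter you supply from the vendor bulletin; the default `KB0000000` is a placeholder, not an identifier from the advisory. The function name `Test-Win32kPatchState` is also assumed for this example.

```powershell
# Added example (not from the WA SOC advisory). Reports whether this host is
# in the affected OS list and whether the vendor update you expect is present.

function Test-Win32kPatchState {
    [CmdletBinding()]
    param(
        # KB article number(s) of the vendor fix for this OS, taken from the
        # Microsoft bulletin. The default is a placeholder to replace.
        [string[]]$ExpectedKB = @('KB0000000')
    )

    # Build numbers corresponding to the products in the affected list.
    $affectedBuilds = @{
        '6002'  = 'Windows Vista SP2 / Windows Server 2008 SP2'
        '7601'  = 'Windows 7 SP1 / Windows Server 2008 R2 SP1'
        '9200'  = 'Windows Server 2012'
        '9600'  = 'Windows 8.1 / Windows RT 8.1 / Windows Server 2012 R2'
        '10240' = 'Windows 10 Gold (1507)'
        '10586' = 'Windows 10 1511'
    }

    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [string]$os.BuildNumber

    # win32k.sys is the kernel-mode driver the fix replaces; its file version
    # is reported so it can be compared with the version Microsoft lists for
    # the update (a stronger check than the KB list on cumulative-update OSes).
    $win32k = Get-Item -Path (Join-Path $env:SystemRoot 'System32\win32k.sys') -ErrorAction SilentlyContinue

    # Get-HotFix lists updates recorded by Windows Update / WSUS on this host.
    $installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    $missing   = @($ExpectedKB | Where-Object { $installed -notcontains $_ })

    $inList = $affectedBuilds.ContainsKey($build)
    $status = if (-not $inList) { 'Not in affected list' }
              elseif ($missing.Count -eq 0) { 'Expected KB present' }
              else { 'ACTION: expected KB missing' }

    [PSCustomObject]@{
        ComputerName   = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = $build
        InAffectedList = $inList
        AffectedAs     = $affectedBuilds[$build]
        MissingKB      = ($missing -join ',')
        Win32kVersion  = if ($win32k) { $win32k.VersionInfo.FileVersion } else { 'not found' }
        Status         = $status
    }
}

# Usage: replace the placeholder with the KB from the Microsoft bulletin.
Test-Win32kPatchState -ExpectedKB 'KB0000000' | Format-List
```

Two caveats when reading the result: on Windows 10 a later cumulative update supersedes the original package, so the expected KB can legitimately be absent while the host is fixed; compare `Win32kVersion` against the file version in the bulletin in that case. Get-HotFix also only knows about updates installed through Windows Update or WSUS, so hosts patched by other means may need the file-version comparison as well.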
What has been observed?
CISA added this vulnerability (CVE-2016-0165) to its Known Exploited Vulnerabilities catalog on 22 June 2023.
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends that administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month (refer to Patch Management):