CVE-2023-21674

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21674	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_10_1507::::::::
	cpe:2.3:o:microsoft:windows_10_1607::::::::
	cpe:2.3:o:microsoft:windows_10_1809::::::::
	cpe:2.3:o:microsoft:windows_10_20h2::::::::
	cpe:2.3:o:microsoft:windows_10_21h2::::::::
	cpe:2.3:o:microsoft:windows_10_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_21h2::::::::
	cpe:2.3:o:microsoft:windows_11_22h2::::::::
	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022::::::::

History

No history.

Information

Published : 2023-01-10 22:15

Updated : 2024-06-28 13:45

NVD link : CVE-2023-21674

Mitre link : CVE-2023-21674

CVE.ORG link : CVE-2023-21674

JSON object : View

Products Affected

microsoft

windows_11_21h2
windows_10_20h2
windows_10_1507
windows_server_2012
windows_server_2022
windows_10_22h2
windows_rt_8.1
windows_10_21h2
windows_11_22h2
windows_server_2019
windows_10_1607
windows_server_2016
windows_10_1809

CWE

CWE-416

Use After Free

{"id": "CVE-2023-21674", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secure@microsoft.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2023-01-10T22:15:16.307", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21674", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Secondary", "source": "secure@microsoft.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de elevaci\u00f3n de privilegios de llamada a procedimiento local avanzado (ALPC) de Windows."}], "lastModified": "2024-06-28T13:45:47.150", "cisaActionDue": "2023-01-31", "cisaExploitAdd": "2023-01-10", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A983693-C39E-424B-8A1E-BD7B3A199632", "versionEndExcluding": "10.0.10240.19685"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "960B3437-DF2C-4CF6-AF06-9AF1E6AC9EA5", "versionEndExcluding": "10.0.14393.5648"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7F8B54C-4564-497A-9786-876A516219C3", "versionEndExcluding": "10.0.17763.3887"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EC1EA32-6810-4092-BEBF-120FBE093A5B", "versionEndExcluding": "10.0.19042.2486"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05BF289F-51FE-4CE5-8487-D909E4CA3D77", "versionEndExcluding": "10.0.19044.2486"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "127FA76C-101B-4DAB-9034-1B893016D06A", "versionEndExcluding": "10.0.19045.2486"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84D221BE-D305-4BB8-ADAF-DEDFF7E35C8D", "versionEndExcluding": "10.0.22000.1455"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E62759B-9029-42E8-8807-1AC4C2D00401", "versionEndExcluding": "10.0.22621.1105"}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1FFC699-725E-4F6A-988D-228613256CA3", "versionEndExcluding": "10.0.14393.5648"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F9F1524-807A-49CC-9F15-B4967AF78E31", "versionEndExcluding": "10.0.17763.3887"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D47581C0-F0DF-45D3-8BBF-B49E2172E01C", "versionEndExcluding": "10.0.20348.1487"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability"}