1. Home
  2. Vulnerabilities
  3. CVE-2023-21674

CVE-2023-21674

CVSS v3.1 8.8 (High)
88% Progress
EPSS 0.14 % (50th)
0.14% Progress
Affected Products 13
Advisories 2
NVD Status Analyzed
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2023-01-10 22:15:16
(20 months ago)
Updated Date
2024-06-28 13:45:47
(2 months ago)
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21674; https://nvd.nist.gov/vuln/detail/CVE-2023-21674
Vendor
Microsoft
Product
Windows
In CISA Catalog from
2023-01-10
(20 months ago)
Due Date
2023-01-31
(19 months ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1507 prior 10.0.10240.19685 version cpe:2.3:o:microsoft:windows_10_1507 < 10.0.10240.19685
  Microsoft Windows 10 1607 prior 10.0.14393.5648 version cpe:2.3:o:microsoft:windows_10_1607 < 10.0.14393.5648
  Microsoft Windows 10 1809 prior 10.0.17763.3887 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.3887
  Microsoft Windows 10 20h2 prior 10.0.19042.2486 version cpe:2.3:o:microsoft:windows_10_20h2 < 10.0.19042.2486
  Microsoft Windows 10 21h2 prior 10.0.19044.2486 version cpe:2.3:o:microsoft:windows_10_21h2 < 10.0.19044.2486
  Microsoft Windows 10 22h2 prior 10.0.19045.2486 version cpe:2.3:o:microsoft:windows_10_22h2 < 10.0.19045.2486
  Microsoft Windows 11 21h2 prior 10.0.22000.1455 version cpe:2.3:o:microsoft:windows_11_21h2 < 10.0.22000.1455
  Microsoft Windows 11 22h2 prior 10.0.22621.1105 version cpe:2.3:o:microsoft:windows_11_22h2 < 10.0.22621.1105
  Microsoft Windows Rt 8.1 cpe:2.3:o:microsoft:windows_rt_8.1:-
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 prior 10.0.14393.5648 version cpe:2.3:o:microsoft:windows_server_2016 < 10.0.14393.5648
  Microsoft Windows Server 2019 prior 10.0.17763.3887 version cpe:2.3:o:microsoft:windows_server_2019 < 10.0.17763.3887
  Microsoft Windows Server 2022 prior 10.0.20348.1487 version cpe:2.3:o:microsoft:windows_server_2022 < 10.0.20348.1487