⚠ Actively exploited
Added to CISA KEV on 2023-05-09. Federal agencies are required to patch by 2023-05-30. Required action: Apply updates per vendor instructions.

CVE-2023-29336: Use After Free in Microsoft Windows 10 Version 1507

CWE-416: Use After Free
20 documents, 11 sources

Severity: 7.8 HIGH (CNA), no vector
EPSS: 79.5% (top 0.91%)
CISA KEV: Added 2023-05-09, due 2023-05-30
Exploit: Exploited in wild (active exploitation observed)

Timeline
Published: May 9
KEV added: May 9
KEV due: May 30
Latest update: May 25
CISA Required Action: Apply updates per vendor instructions.

Description

Win32k Elevation of Privilege Vulnerability

Affected Packages (17 packages)

CVEListV5 | microsoft/windows_server_2012 | 6.2.9200.0 | 6.2.9200.24266
CVEListV5 | microsoft/windows_server_2016 | 10.0.14393.0 | 10.0.14393.5921
CVEListV5 | microsoft/windows_server_2012_r2 | 6.3.9600.0 | 6.3.9600.20969
CVEListV5 | microsoft/windows_10_version_1507 | 10.0.10240.0 | 10.0.10240.19926
CVEListV5 | microsoft/windows_10_version_1607 | 10.0.14393.0 | 10.0.14393.5921

🔴 Vulnerability Details (2)

CVEList: Win32k Elevation of Privilege Vulnerability (2023-05-09)
VulnCheck: Microsoft Win32K Privilege Escalation Vulnerability (2023)

💥 Exploits & PoCs (1)

Exploit-DB: Microsoft Windows Server 2016 - Win32k Elevation of Privilege (2025-05-25)

📋 Vendor Advisories (2)

CISA: Microsoft Win32K Privilege Escalation Vulnerability (2023-05-09)
Microsoft: Win32k Elevation of Privilege Vulnerability (2023-05-09)

🕵️ Threat Intelligence (15)

Tenable: Microsoft’s June 2024 Patch Tuesday Addresses 49 CVEs (2024-06-11)
Tenable: Microsoft’s January 2024 Patch Tuesday Addresses 48 CVEs (CVE-2024-20674) (2024-01-09)
Tenable: CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities (2023-09-27)
Securelist: IT threat evolution in Q2 2023. Non-mobile statistics (2023-08-30)
Securelist: PC malware statistics, Q2 2022 (2023-08-30)