CVE-2023-29361 — Use After Free in Microsoft Windows 10 Version 21h2

CWE-416 — Use After Free9 documents7 sources

Severity

7.0HIGHNVD

EPSS

1.3%

top 20.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 21h2 Microsoft Windows 10 Version 22h2 Microsoft Windows 11 Version 21h2 +17 more

Timeline

PublishedJun 14

Latest updateJul 15

Description

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages21 packages

▶NVDmicrosoft/windows< 10.0.20348.1787

▶NVDmicrosoft/windows_10_21h2< 10.0.19044.3086

▶NVDmicrosoft/windows_10_22h2< 10.0.19045.3087

▶NVDmicrosoft/windows_11_21h2< 10.0.22000.2057

▶NVDmicrosoft/windows_11_22h2< 10.0.22621.1848

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-h26c-74g7-p96g: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability↗2023-06-14

▶

📋Vendor Advisories

Oracle

Oracle Oracle Analytics Risk Matrix: Analytics Server (Werkzeug) — CVE-2022-29361↗2023-07-15

▶

Microsoft

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability↗2023-06-13

▶

🕵️Threat Intelligence

Talos

Microsoft discloses 5 critical vulnerabilities in June's Patch Tuesday, no zero-days↗2023-06-13

▶

Qualys

Microsoft and Adobe Patch Tuesday, June 2023 Security Update Review | Qualys↗2023-06-13

▶

Talos

Microsoft discloses 5 critical vulnerabilities in June's Patch Tuesday, no zero-days↗2023-06-13

▶

Qualys

Microsoft and Adobe Patch Tuesday, June 2023 Security Update Review↗2023-06-13

▶

Zscaler

Zscaler found Windows Security Vulnerabilities | 06-13-2023↗

▶