CVE-2023-32019
published 2023-06-14CVE-2023-32019: Windows Kernel Information Disclosure Vulnerability
PriorityP418medium4.7CVSS 3.1
AVLACHPRLUINSUCHINAN
EPSS
1.38%
68.6th percentile
Windows Kernel Information Disclosure Vulnerability
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1607 | < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_10_1809 | < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_10_21h2 | < 10.0.19044.3086 | 10.0.19044.3086 |
| microsoft | windows_10_22h2 | < 10.0.19045.3087 | 10.0.19045.3087 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3086 | 10.0.19044.3086 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3086 | 10.0.19045.3086 |
| microsoft | windows_11_21h2 | < 10.0.22000.2057 | 10.0.22000.2057 |
| microsoft | windows_11_22h2 | < 10.0.22621.1848 | 10.0.22621.1848 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2057 | 10.0.22000.2057 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.1848 | 10.0.22621.1848 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_server_2019 | < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_server_2022 | < 10.0.20348.1787 | 10.0.20348.1787 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.1787 | 10.0.20348.1787 |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
nvdv3.14.7MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc4.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Project0
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption - Project Zero
project_zero·2025-05-01
CVE-2019-0881 The Windows Registry Adventure #8: Practical exploitation of hive memory corruption - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero
In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and freed memory chunks by a custom al
Project0
The Windows Registry Adventure #7: Attack surface analysis - Project Zero
project_zero·2025-05-01
CVE-2010-0237 The Windows Registry Adventure #7: Attack surface analysis - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero
In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily lengthens the total
Project0
The Windows Registry Adventure #1: Introduction and research results - Project Zero
project_zero·2024-04-01
CVE-2022-34707 The Windows Registry Adventure #1: Introduction and research results - Project Zero
Posted by Mateusz Jurczyk, Google Project Zero
In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer based on the Bochs x86 emulator (one of my favorite tools for security research: see Bochspwn, Bochspwn Reloaded, and my earlier font fuzzing infrastructure), and needed some binary formats to test it on. My first pick were PE files: they are very popular in the Windows environment, which makes it easy to create an initial corpus of input samples, and a basic fuzzing harness is equally easy to develop with just a single GetFileVersionInfoSizeW API call. The test was successful: even though I h
GHSA
GHSA-mh3f-2xwc-5r5j: Windows Kernel Information Disclosure Vulnerability
ghsa_unreviewed·2023-06-14
CVE-2023-32019 [MEDIUM] CWE-668 GHSA-mh3f-2xwc-5r5j: Windows Kernel Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Microsoft
Windows Kernel Information Disclosure Vulnerability
vendor_msrc·2023-06-13·CVSS 4.7
CVE-2023-32019 [MEDIUM] Windows Kernel Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to coordinate an attack with another privileged process executed by another user in the system.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.
Windows Kernel: Windows Kernel
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-06-14
Published