CVE-2023-21674 | THREATINT

Description

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

Reserved 2022-12-13 | Published 2023-01-10 | Updated 2025-01-01 | Assigner microsoft

HIGH: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

CISA Known Exploited Vulnerability

Date added 2023-01-10 | Due date 2023-01-31

Apply updates per vendor instructions.

Problem types

CWE-416: Use After Free

Product status

10.0.17763.0 before 10.0.17763.3887

affected

10.0.0 before 10.0.17763.3887

affected

10.0.17763.0 before 10.0.17763.3887

affected

10.0.17763.0 before 10.0.17763.3887

affected

10.0.20348.0 before 10.0.20348.1487

affected

10.0.0 before 10.0.19042.2486

affected

10.0.0 before 10.0.22000.1455

affected

10.0.19043.0 before 10.0.19044.2486

affected

10.0.22621.0 before 10.0.22621.1105

affected

10.0.19045.0 before 10.0.19045.2486

affected

10.0.10240.0 before 10.0.10240.19685

affected

10.0.14393.0 before 10.0.14393.5648

affected

10.0.14393.0 before 10.0.14393.5648

affected

10.0.14393.0 before 10.0.14393.5648

affected

6.3.0 before 6.3.9600.20778

affected

6.3.9600.0 before 6.3.9600.20778

affected

6.3.9600.0 before 6.3.9600.20778

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability) vendor-advisory

cve.org (CVE-2023-21674)

nvd.nist.gov (CVE-2023-21674)

Download JSON