CVE-2023-36033

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS 7.8 HIGHEPSS 12.0%● KEVCWE-822

In short

A vulnerability in Windows DWM (Desktop Window Manager) Core Library allows an attacker with local access to gain higher privileges on the system. This is dangerous because it could let someone take full control of your computer.

Technical detail

An elevation of privilege vulnerability exists in the Windows DWM Core Library (CWE-822). A local attacker can exploit this to escalate privileges and execute code with system-level permissions. The vulnerability requires local access but provides significant impact through unauthorized system control.

Summary generated and translated by AI from the official description.

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected products

Microsoft · Windows 10 Version 1809 Microsoft · Windows 10 Version 21H2 Microsoft · Windows 10 Version 22H2 Microsoft · Windows 11 version 21H2 Microsoft · Windows 11 version 22H2 Microsoft · Windows 11 version 22H3 Microsoft · Windows 11 Version 23H2 Microsoft · Windows Server 2019 Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server 2022 Microsoft · Windows Server 2022, 23H2 Edition (Server Core installation)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36033 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36033