Cyber Resilience

CVE-2023-21823

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 14 February 2023
Modified: 30 October 2025
KEV Added: 14 February 2023
Patch: available (Microsoft Security Update Guide)
CVSS Score v3.1: 7.8 (High) · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0229 (percentile 85.1)
Risk Priority: 37 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-21823 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in the Windows Graphics Component. It affects multiple Windows 10, Windows 11 and Windows Server releases (Windows 10 1809 among them; see Affected Assets below). Its CVSS v3.1 base score is 7.8 (High).

Operationally, it ranks in the top 14.9% of CVEs by EPSS-estimated exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

The Windows Graphics Component contains an integer overflow vulnerability tracked as CVE-2023-21823 that Microsoft titles a remote code execution vulnerability. The flaw affects multiple versions of Microsoft Windows and carries a CVSS 3.1 base score of 7.8 with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that successful exploitation yields full confidentiality, integrity, and availability impact on the local system. Note the attack vector is Local (AV:L) despite the "remote code execution" title: there is no network attack path, and the attacker must already be able to run code on, or get crafted content processed by, the target system.

An attacker with low-privileged local access (PR:L) can trigger the flaw by having the affected component process specially crafted graphics content, resulting in arbitrary code execution in the context of the process that handles that content. No user interaction is required (UI:N). Because the vector rates confidentiality, integrity and availability impact as High from a low-privileged starting point, the practical use of the flaw is local privilege escalation: an adversary who already has a foothold gains a route to higher privileges and, from there, to further movement in the environment.

Microsoft’s security update guide provides patches addressing the issue, while CISA lists the CVE in its Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. Administrators are advised to apply the vendor updates promptly and to monitor for follow-on guidance from the referenced Microsoft advisory.

EPSS for the vulnerability rose sharply from a low baseline to a peak of 0.9619 on 22 December 2023 before receding to its current value of 0.0229. The KEV listing dates from the day of disclosure, so exploitation had already been observed then; the later EPSS peak reflects the scoring model's estimate of exploitation likelihood rising several months after disclosure, not the first sighting of exploitation.

Vulnerability details

Title: Windows Graphics Component Remote Code Execution Vulnerability (Microsoft's advisory title)

CWE(s): CWE-190 (Integer Overflow or Wraparound)
KEV Date Added: 14 February 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Microsoft Windows 10 1507: builds before 10.0.10240.19747 (first fixed build)
Microsoft Windows 10 1607: builds before 10.0.14393.5717
Microsoft Windows 10 1809: builds before 10.0.17763.4010
Microsoft Windows 10 20H2: builds before 10.0.19042.2604
Microsoft Windows 10 21H2: builds before 10.0.19044.2604
Microsoft Windows 10 22H2: builds before 10.0.19045.2604
Microsoft Windows 11 21H2: builds before 10.0.22000.1574
Microsoft Windows 11 22H2: builds before 10.0.22621.1265
Microsoft Windows Server 2008 and 2008 R2: all versions
Microsoft Windows Server 2012 and 2012 R2: all versions
+3 more product configuration(s) — see NVD for full list

The source lists several releases more than once with the same build, one entry per product configuration; they are collapsed here. The listed builds are the February 2023 fixed builds, so a host is affected when its build is strictly below the value shown.
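The table above gives the first fixed build per release, which is enough to check a host's patch state without knowing the KB number. The script below is an added example for this page, not Microsoft's tooling or the page's own; it reads the build and UBR (Update Build Revision) from the registry and compares them with the fixed builds taken from the table. Releases the table does not cover (Windows Server 2008/2012 and the three configurations the page does not show) are reported as Unknown rather than guessed. Function and variable names are this example's own.

```powershell
# Added example (not from the advisory): classify Windows hosts against the first fixed
# builds for CVE-2023-21823 listed in the Affected Assets table of this page.
# Assumption: those values are the fixed builds, so UBR below the value means unpatched.

# Major build number -> first fixed UBR, copied from the page's table.
$script:Cve202321823FixedUbr = @{
    '10240' = 19747   # Windows 10 1507
    '14393' = 5717    # Windows 10 1607
    '17763' = 4010    # Windows 10 1809
    '19042' = 2604    # Windows 10 20H2
    '19044' = 2604    # Windows 10 21H2
    '19045' = 2604    # Windows 10 22H2
    '22000' = 1574    # Windows 11 21H2
    '22621' = 1265    # Windows 11 22H2
}

function Get-Cve202321823BuildStatus {
    # Pure comparison, so it can also be run over an inventory export (build + UBR columns).
    param(
        [Parameter(Mandatory)][string]$Build,   # e.g. '19045'
        [AllowNull()][Nullable[int]]$Ubr        # e.g. 2546; $null when the registry value is missing
    )
    if (-not $script:Cve202321823FixedUbr.ContainsKey($Build)) { return 'Unknown' }  # release not in the table
    if ($null -eq $Ubr) { return 'Unknown' }                                          # no UBR (pre-Windows 10)
    if ($Ubr -lt $script:Cve202321823FixedUbr[$Build]) { return 'Vulnerable' }
    return 'Patched'
}

function Test-Cve202321823 {
    # Reads CurrentBuildNumber and UBR from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
    # Remote hosts need the Remote Registry service reachable and admin rights on the target.
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($name in $ComputerName) {
        try {
            $hklm  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $name)
            $cv    = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows NT\CurrentVersion')
            $build = [string]$cv.GetValue('CurrentBuildNumber')
            $ubrRaw = $cv.GetValue('UBR')
            $ubr   = if ($null -eq $ubrRaw) { $null } else { [int]$ubrRaw }
            # DisplayVersion exists from 20H2; older Windows 10 releases only carry ReleaseId.
            $release = [string]$cv.GetValue('DisplayVersion')
            if (-not $release) { $release = [string]$cv.GetValue('ReleaseId') }
            $fixedUbr   = $script:Cve202321823FixedUbr[$build]
            $fixedBuild = $null
            if ($fixedUbr) { $fixedBuild = "${build}.${fixedUbr}" }
            [pscustomobject]@{
                ComputerName = $name
                Release      = $release
                Build        = "${build}.${ubr}"
                FixedBuild   = $fixedBuild
                Status       = Get-Cve202321823BuildStatus -Build $build -Ubr $ubr
            }
        } catch {
            [pscustomobject]@{
                ComputerName = $name; Release = $null; Build = $null; FixedBuild = $null
                Status       = "Error: $($_.Exception.Message)"
            }
        }
    }
}

# Usage: the local host, or a host list from inventory, keeping only what still needs work.
Test-Cve202321823 | Format-Table -AutoSize
# Test-Cve202321823 -ComputerName (Get-Content .\hosts.txt) | Where-Object Status -ne 'Patched'
```

The comparison is deliberately on the UBR rather than on installed KB identifiers: a later cumulative update supersedes the February 2023 one and carries a higher UBR, so "UBR below the fixed value" stays correct over time, whereas checking for one KB via Get-HotFix goes stale as soon as that KB is superseded. The Unknown result is a prompt to check the NVD list by hand, not a pass.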

Mitigating Controls

NIST SP 800-53 r5 control mapping (AI-assisted)

SI-2 Flaw Remediation (prevent): Directly requires timely installation of the Microsoft security updates that remediate the graphics-component integer-overflow flaw before local exploitation can succeed.

CM-7 Least Functionality (prevent): Enforces least functionality by disabling or restricting unneeded Windows graphics features and code paths that the CVE-2023-21823 attack relies on.

Memory Protection (prevent; corresponds to SI-16 by description): Applies memory-protection mechanisms that can block or contain the integer-overflow memory corruption exploited by this vulnerability. This is defence in depth only; it does not remove the flaw, and the fixed build remains the required control.
