CVE-2023-21823
Published: 14 February 2023
Summary
CVE-2023-21823 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 14.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
Windows Graphics Component contains an integer overflow vulnerability tracked as CVE-2023-21823 that permits remote code execution. The flaw affects multiple versions of Microsoft Windows and carries a CVSS 3.1 base score of 7.8 with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that successful exploitation yields full confidentiality, integrity, and availability impact on the local system.
An attacker with low-privileged local access can trigger the flaw through specially crafted graphics content processed by the affected component, resulting in arbitrary code execution at the privileges of the calling process. No user interaction is required beyond the initial local context, allowing an adversary to elevate privileges or move laterally once code execution is obtained.
Microsoft’s security update guide provides patches addressing the issue, while CISA lists the CVE in its Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. Administrators are advised to apply the vendor updates promptly and to monitor for follow-on guidance from the referenced Microsoft advisory.
EPSS for the vulnerability rose sharply from a low baseline to a peak of 0.9619 on 22 December 2023 before receding to its current value of 0.0229, indicating that meaningful exploitation interest developed several months after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-25989
Vulnerability details
Title: Windows Graphics Component Remote Code Execution Vulnerability
- CWE(s): CWE-190 (Integer Overflow or Wraparound)
- KEV Date Added: 14 February 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly requires timely installation of Microsoft security updates that remediate the graphics-component integer-overflow flaw before local exploitation can succeed.
- CM-7 (Least Functionality): Enforces least functionality by disabling or restricting unneeded Windows graphics features and code paths that the CVE-2023-21823 attack relies on.
- Memory protection: Applies memory-protection mechanisms that can block or contain the integer-overflow memory corruption exploited by this vulnerability.