CVE-2023-23376
Published: 14 February 2023
Summary
CVE-2023-23376 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 5.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2023-23376 is an elevation-of-privilege flaw in the Windows Common Log File System (CLFS) Driver, tracked under CWE-122 and CWE-787. It affects the CLFS kernel component and carries a CVSS 3.1 score of 7.8, reflecting a local attack vector, low attack complexity, and low required privileges, with high impact on confidentiality, integrity, and availability.
A local attacker who already holds low-privileged access on a Windows system can exploit the issue to escalate rights and obtain full control over affected components without user interaction. This allows the attacker to read, modify, or delete arbitrary data and potentially compromise the entire host.
Microsoft's advisory on the referenced MSRC pages describes the security updates that address the flaw. The CISA Known Exploited Vulnerabilities catalog entry confirms that the vulnerability has been observed in active exploitation, underscoring the need to apply the patches promptly.
EPSS scores peaked at 0.2255 before settling at the current value of 0.1515, indicating measurable post-disclosure exploitation interest that warrants continued monitoring.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-27476
Vulnerability details
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CWE(s): CWE-122, CWE-787
- KEV date added: 14 February 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly requires timely installation of the vendor security update that eliminates the CLFS driver elevation-of-privilege flaw before exploitation can succeed.
- AC-6 (Least Privilege): Constrains the rights of the low-privileged local account an attacker must first obtain, shrinking the foothold from which the local kernel escalation described in CVE-2023-23376 would be launched.
- System file and driver integrity verification: Verifies the integrity of Windows system files and drivers, enabling detection of unauthorized modifications that could follow successful exploitation of the vulnerable CLFS driver.