CVE-2023-28229
Published: 11 April 2023
Summary
CVE-2023-28229 is a high-severity Sensitive Data Storage in Improperly Locked Memory (CWE-591) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.0 (High).
Operationally, it ranks in the top 7.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).
Deeper analysis
Windows CNG Key Isolation Service contains an elevation of privilege vulnerability tracked as CVE-2023-28229. The flaw resides in a core Windows cryptographic component responsible for isolating and managing keys, allowing an authenticated local user to obtain higher privileges on affected systems. The vulnerability carries a CVSS 3.1 score of 7.0 with a local attack vector, high complexity, and low privileges required.
An attacker with a local account can exploit the issue to escalate privileges, potentially gaining the ability to read, modify, or delete protected data and execute code with elevated rights. Exploitation requires no user interaction and targets a kernel-adjacent Windows service, enabling full compromise of confidentiality, integrity, and availability on the host.
Microsoft has published security updates addressing the flaw through its update guide, while CISA has added CVE-2023-28229 to its catalog of known exploited vulnerabilities, confirming active in-the-wild use and underscoring the need for prompt patching. Organizations should apply the relevant Windows security updates and verify service configurations to reduce exposure.
EPSS for this CVE rose materially from a low baseline to a peak of 0.4231 on 2024-08-15 before receding to the current 0.0864, indicating that exploitation interest increased well after initial disclosure and that the issue merits renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-31937
Vulnerability details
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
- CWE(s): CWE-591
- KEV Date Added: 04 October 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of vendor security updates that Microsoft released to eliminate the CNG Key Isolation Service flaw.
Enforces least-privilege restrictions on local accounts so an attacker starts with minimal rights, raising the bar for successful EoP.
Enforces access-control decisions on the key-isolation service, blocking unauthorized callers from obtaining elevated privileges.