CISA Known Exploited Vulnerability

CVE-2023-29336

Microsoft · Win32k

Microsoft Win32K Privilege Escalation Vulnerability

Date added 2023-05-09

BOD 22-01 due date 2023-05-30

CWE CWE-416

Ransomware Unknown

CISA description

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.

Required action

Apply updates per vendor instructions.

Notes & references

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

External lookups