virus logo Threat Signal Report

Elevation of Privilege Vulnerability in Win32k Exploited in the Wild (CVE-2023-29336)

Description

What is Win32k? Win32k is a system component in Microsoft Windows OS that controls graphic and UI functions at the kernel level. Win32k is responsible for rendering fonts, icons, buttons, and other graphical elements in Windows. It is integral to the OS and any issues affecting Win32k may cause system instability or crashes.
What is the Attack? An Elevation of Privilege (EoP) vulnerability exists in Win32K kernel that allows an attacker to obtain SYSTEM privileges. The issue has been assigned CVE-2023-29336. No further details are available from Microsoft.
The vulnerability has a CVSS base score of 7.8 and is rated HIGH.
Why is this Significant? This is significant because attackers have reportedly started to exploit CVE-2023-29336 in real time attacks. CISA added the vulnerability to the Known Exploited Vulnerabilities (KEV) catalog on May 9th, 2023. As such, patches should be applied as soon as possible.
What is the Vendor Solution?
Microsoft has issued a patch for this on May 9th, 2023.
What FortiGuard Coverage is available? FortiGuard Labs has the following IPS signature in place that will prevent exploitation of CVE-2023-29336:

MS.Windows.Win32k.CVE-2023-29336.Elevation.of.Privilege

Appendix

Win32k Elevation of Privilege Vulnerability (Microsoft)

Known Exploited Vulnerabilities Catalog (CISA)

MS.Windows.Win32k.CVE-2023-29336.Elevation.of.Privilege (FortGuard)


ID 39
Date May 09, 2023
CVE ID CVE-2023-29336
Threat/
Vulnerability		 Elevation of Privilege
FortiGate Device Triggered
Threat Actor Type
Experienced a Breach? We're here to help FortiGuard Incident Response Services
FortiGuard Incident Response Services