CVE-2023-28252

unknown KEV

Published 2023-04-11 · Modified 2023-04-11

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

2.5

Description

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

CISA KEV

Vendor: Microsoft
Product: Windows
Due date: 2023-05-02

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Microsoft Security Response Center · View original ↗ · proprietary-no-redistribution

Full prose not cached — VIR stores only structured fields (affected/fixed versions, references) for this source. Click "View original" above for the vendor's full advisory.

Affected

Vendor	Product	Version
microsoft	Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
microsoft	Windows Server 2008 R2 for x64-based Systems Service Pack 1
microsoft	Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
microsoft	Windows Server 2012
microsoft	Windows Server 2012 (Server Core installation)
microsoft	Windows Server 2012 R2
microsoft	Windows Server 2012 R2 (Server Core installation)
microsoft	Microsoft Publisher 2013 Service Pack 1 (32-bit editions)
microsoft	Microsoft Publisher 2013 Service Pack 1 (64-bit editions)
microsoft	Microsoft SharePoint Foundation 2013 Service Pack 1
microsoft	Windows 10 for 32-bit Systems
microsoft	Windows 10 for x64-based Systems
microsoft	Microsoft Publisher 2016 (32-bit edition)
microsoft	Microsoft Publisher 2016 (64-bit edition)
microsoft	Windows Server 2016
microsoft	Windows 10 Version 1607 for 32-bit Systems
microsoft	Windows 10 Version 1607 for x64-based Systems
microsoft	Windows Server 2016 (Server Core installation)
microsoft	Microsoft SharePoint Enterprise Server 2016
microsoft	Microsoft SharePoint Enterprise Server 2013 Service Pack 1
microsoft	Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE)
microsoft	Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE)
microsoft	Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)
microsoft	Microsoft SQL Server 2017 for x64-based Systems (GDR)
microsoft	Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE)
microsoft	Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE)
microsoft	Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE)
microsoft	Windows 10 Version 1809 for 32-bit Systems
microsoft	Windows 10 Version 1809 for x64-based Systems
microsoft	Windows 10 Version 1809 for ARM64-based Systems

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Metasploit modules

exploit_windows/local/cve_2023_28252_clfs_driver rank 400

Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability

Source fetch failed: fetch_error — view the original via the link above.

References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252; https://nvd.nist.gov/vuln/detail/CVE-2023-28252

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.