BDU:2023-00458

BDU

MediumConfirmedExploit available

Уязвимость компонента Overlay Filter операционных систем Windows связана с ошибками синхронизации при использовании общего ресурса («Ситуац…

CVSS

4.7

Medium

EPSS

0.00

Published

2023-01-01

Updated

2023-01-01

Description

Уязвимость компонента Overlay Filter операционных систем Windows связана с ошибками синхронизации при использовании общего ресурса («Ситуация гонки»). Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации

Affected products

Microsoft corp Windows_10Microsoft corp Windows_10_1607Microsoft corp Windows_10_1809Microsoft corp Windows_10_20h2Microsoft corp Windows_10_21h1Microsoft corp Windows_10_21h2Microsoft corp Windows_11_21h2Microsoft corp Windows_11_22h2Microsoft corp Windows_server_2016Microsoft corp Windows_server_2016Microsoft corp Windows_server_2019Microsoft corp Windows_server_2019Microsoft corp Windows_server_2022Microsoft corp Windows_server_2022Microsoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft Windows

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

2023-01-01

Published

2023-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: H

High (H)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: N

None (N)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

CVE-2023-21766

github-poc · https://github.com/Y3A/cve-2023-21766

Enterprise

Affected products

Microsoft

Windows Windows Server 2016 Windows Server 2019 Windows 10 Windows 10 1809 Windows Server 2022 Windows 10 1607 Windows 10 21h2 Windows 11 22h2 Windows 11 21h2+2

Product	Vendor	Status
windows_10	microsoft corp	Tracked
windows_10_1607	microsoft corp	Tracked
windows_10_1809	microsoft corp	Tracked
windows_10_20h2	microsoft corp	Tracked
windows_10_21h1	microsoft corp	Tracked
windows_10_21h2	microsoft corp	Tracked
windows_11_21h2	microsoft corp	Tracked
windows_11_22h2	microsoft corp	Tracked
windows_server_2016	microsoft corp	Tracked
windows_server_2016	microsoft corp	Tracked
windows_server_2019	microsoft corp	Tracked
windows_server_2019	microsoft corp	Tracked
windows_server_2022	microsoft corp	Tracked
windows_server_2022	microsoft corp	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked

Showing first 20 of 193

Source databases

BDU

MSR

Related vulnerabilities

CVE-2023-21766

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-21766@https://nvd.nist.gov/vuln/detail/CVE-2023-21766@https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21766