CVE-2023-28229
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
CVSS
—
No CVSS
EPSS
1.9%
p77
KEV
YES
Oct 4, 2023
Exploit Today
73
0-100
Published: — · Last modified: —
Product
Microsoft / Windows CNG Key Isolation Service
Vulnerability
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Added to KEV
Oct 4, 2023
Remediate by
Oct 25, 2023
Known ransomware use
No
Summary description
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28229; https://nvd.nist.gov/vuln/detail/CVE-2023-28229
No related CVEs by CWE or product.