CVE-2023-23376

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 8 articles
VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24
17.85%
probability
This CVE has a 17.85% probability of being exploited in the next 30 days.
0% Top 95.2th percentile of all CVEs 100%

CVSS v3.1

Source: NVD
7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

NVD
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Affected Products

microsoft
windows 10 1507
microsoft
windows 10 1607
microsoft
windows 10 1809
microsoft
windows 10 20h2
microsoft
windows 10 21h2

Attack Intelligence

Google Project Zero

Patched
Feb. 14, 2023
Reported by
Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC)
Root Cause Analysis
???

Signal Intelligence

Confidence
78%
EPSS 17.85%
CVSS v3.1 7.8
Mentions 8
Last Seen Apr 11, 2023

CNA Information

Analyst Note

This CVE is confirmed as a legitimate Windows elevation of privilege vulnerability with a HIGH CVSS score (7.8) affecting Windows 10. The vulnerability was documented by CERT-EU in an official security advisory and has been tracked by Project Zero, providing credible third-party validation despite the limited public article coverage.

Threat Actors 11

Lazarus Group
apt_group Information theft and espionage 🇰🇵 KP
Cobalt
apt_group Financial crime 🇷🇺 RU
Hacking Team
apt_group 🇮🇹 IT
LAPSUS
apt_group 🇬🇧 GB
Group 27
apt_group Information theft and espionage 🇨🇳 CN
Earth Lamia
apt_group Information theft and espionage 🇨🇳 CN
Roaming Mantis
apt_group 🇯🇵 JP
Rocke
apt_group 🇨🇳 CN
Red Dev 17
apt_group 🇨🇳 CN
Red October
apt_group 🇷🇺 RU
Mana Team
apt_group 🇨🇳 CN

Triage Info

Decided atMar 03, 2026