CVE-2023-29336

ENISA EUVD: EUVD-2023-32910 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 4 articles Published: 2023-05-09
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
76.66%
probability
This CVE has a 76.66% probability of being exploited in the next 30 days.
0% Top 99.0th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Temporal
Exploit Code Maturity
Unproven
Remediation Level
Official Fix
Report Confidence
Confirmed
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Description

NVD
Win32k Elevation of Privilege Vulnerability

Affected Products

Microsoft
Windows 10 Version 1507
10.0.10240.0
Microsoft
Windows 10 Version 1607
10.0.14393.0
Microsoft
Windows Server 2016
10.0.14393.0
Microsoft
Windows Server 2016 (Server Core installation)
10.0.14393.0
Microsoft
Windows Server 2008 Service Pack 2
6.0.6003.0

Attack Intelligence

Google Project Zero

Patched
May 9, 2023
Reported by
Jan Vojtěšek, Milánek, and Luigino Camastra with Avast
Root Cause Analysis
???

Exploits & PoC

m-cetin/CVE-2023-29336
21 2023-06-09
1 repo — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
78%
EPSS 76.66%
CVSS v3.1 7.8
Mentions 4
Last Seen May 10, 2023

CNA Information

CNA Assigner
microsoft
CNA Title
Win32k Elevation of Privilege Vulnerability

Analyst Note

This Win32k elevation of privilege vulnerability in Windows 10 is confirmed by CERT-EU security advisory coverage and carries a HIGH CVSS score (7.8), indicating substantial severity. While not yet listed in CISA KEV, inclusion in Project Zero and official patch documentation from Microsoft's May 2023 update provides strong validation of the vulnerability's authenticity.

Triage Info

Decided atMar 03, 2026
Published DateMay 09, 2023