CVE-2023-29359

Q: What is the severity of CVE-2023-29359?

CVE-2023-29359 has a CVSS score of 7.8 (HIGH). CVE-2023-29359 is a Windows Graphics Device Interface (GDI) vulnerability that allows local attackers to escalate privileges from a low-privileged user account to SYSTEM level. This affects Windows operating systems where an attacker could execute arbitrary code with elevated privileges. The vulnerability requires local access to the target system.

7.8 HIGH

📋 TL;DR

CVE-2023-29359 is a Windows Graphics Device Interface (GDI) vulnerability that allows local attackers to escalate privileges from a low-privileged user account to SYSTEM level. This affects Windows operating systems where an attacker could execute arbitrary code with elevated privileges. The vulnerability requires local access to the target system.

💻 Affected Systems

Products:

Microsoft Windows

Versions: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected Windows versions are vulnerable. The vulnerability is in the GDI component which is core to the Windows operating system.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where an attacker gains SYSTEM privileges, enabling installation of malware, data theft, persistence mechanisms, and lateral movement across the network.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security controls, access sensitive data, and maintain persistence on compromised systems.

🟢

If Mitigated

Limited impact with proper patch management, least privilege principles, and endpoint protection that detects privilege escalation attempts.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.

🏢 Internal Only: HIGH - Significant risk for internal systems where attackers could gain initial access through phishing or other methods and then escalate privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and low-privileged user credentials. The vulnerability has been publicly disclosed and proof-of-concept code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2023 security updates (KB5026361 for Windows 10, KB5026372 for Windows 11, etc.)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29359

Restart Required: Yes

Instructions:

1. Apply the May 2023 Windows security updates through Windows Update. 2. For enterprise environments, deploy updates through WSUS, SCCM, or Intune. 3. Restart systems after patch installation.

🔧 Temporary Workarounds

Restrict local user privileges

windows

Implement least privilege principles to limit the impact of successful exploitation

Enable Windows Defender Exploit Guard

windows

Configure exploit protection to mitigate privilege escalation attempts

🧯 If You Can't Patch

Implement strict access controls and limit local administrative privileges
Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for May 2023 security updates or run 'systeminfo' command and verify build numbers

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that May 2023 security updates are installed through Windows Update or check system build numbers

📡 Detection & Monitoring

Log Indicators:

Windows Security Event ID 4688 (process creation) showing unexpected SYSTEM privilege processes
Event ID 4672 (special privileges assigned to new logon)

Network Indicators:

Lateral movement attempts following privilege escalation
Unexpected outbound connections from previously low-privileged accounts

SIEM Query:

EventID=4688 AND NewProcessName="*" AND SubjectUserName!="SYSTEM" AND TokenElevationType="%%1936"

📊 Metadata

CVE ID: CVE-2023-29359

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: June 14, 2023

Last Updated: April 8, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29359 Patch,Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29359 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local user privileges

Enable Windows Defender Exploit Guard

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities