CVE-2023-35358 – This Windows kernel vulnerability allows attack... (How to Fix)

Q: What is the severity of CVE-2023-35358?

CVE-2023-35358 has a CVSS score of 7.8 (HIGH). This Windows kernel vulnerability allows attackers to gain elevated system privileges by exploiting improper memory handling. It affects Windows systems where an attacker already has local access. Successful exploitation could lead to complete system compromise.

📋 TL;DR

This Windows kernel vulnerability allows attackers to gain elevated system privileges by exploiting improper memory handling. It affects Windows systems where an attacker already has local access. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:

Microsoft Windows

Versions: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local access to the system; not exploitable remotely without initial access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover with SYSTEM privileges, enabling installation of malware, data theft, and persistence mechanisms.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security controls and execute arbitrary code with higher privileges.

🟢

If Mitigated

Limited impact if proper patch management and least privilege principles are enforced, though local attackers could still escalate.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit requires local access and some technical knowledge; proof-of-concept code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2023 security updates (KB5028185 for Windows 10, KB5028182 for Windows 11, etc.)

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35358

Restart Required: Yes

Instructions:

1. Open Windows Update settings. 2. Check for updates. 3. Install July 2023 security updates. 4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict local user privileges

windows

Apply least privilege principles to limit local user accounts to only necessary permissions.

🧯 If You Can't Patch

Implement strict access controls and monitor for suspicious local privilege escalation attempts.
Use application whitelisting and endpoint detection to prevent unauthorized code execution.

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for July 2023 security updates or use 'systeminfo' command to verify OS build number.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify that July 2023 security updates are installed via Windows Update history or 'wmic qfe list' command.

📡 Detection & Monitoring

Log Indicators:

Event ID 4688 (process creation) with suspicious parent-child privilege relationships
Unexpected SYSTEM privilege processes from non-admin users

Network Indicators:

Not applicable - local exploit only

SIEM Query:

EventID=4688 AND NewProcessName="*" AND SubjectUserName!="SYSTEM" AND TokenElevationType="%%1936"

📊 Metadata

CVE ID: CVE-2023-35358

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: July 11, 2023

Last Updated: January 1, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35358 Patch,Vendor Advisory
http://packetstormsecurity.com/files/174117/Microsoft-Windows-Kernel-Unsafe-Reference.html
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35358 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-35358, you might also want to check these: