CVE-2023-38143 – This vulnerability in the Windows Common Log Fi... (How to Fix)

Q: What is the severity of CVE-2023-38143?

CVE-2023-38143 has a CVSS score of 7.8 (HIGH). This vulnerability in the Windows Common Log File System (CLFS) driver allows attackers to gain SYSTEM-level privileges on affected systems. It affects Windows operating systems and requires an attacker to already have some level of access to the target system. Successful exploitation would enable complete system compromise.

📋 TL;DR

This vulnerability in the Windows Common Log File System (CLFS) driver allows attackers to gain SYSTEM-level privileges on affected systems. It affects Windows operating systems and requires an attacker to already have some level of access to the target system. Successful exploitation would enable complete system compromise.

💻 Affected Systems

Products:

Windows Common Log File System Driver

Versions: Multiple Windows versions - see Microsoft advisory for specific affected versions

Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations of affected Windows versions are vulnerable. The CLFS driver is a core Windows component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover with SYSTEM privileges, enabling installation of malware, data theft, lateral movement, and persistence mechanisms.

🟠

Likely Case

Privilege escalation from a lower-privileged account to SYSTEM, allowing attackers to bypass security controls and execute arbitrary code.

🟢

If Mitigated

Limited impact if proper patch management and least privilege principles are enforced, though local attackers could still escalate privileges.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring initial access to the system.

🏢 Internal Only: HIGH - Once an attacker gains initial foothold (via phishing, compromised credentials, etc.), they can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and some technical knowledge. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the latest Windows security updates from Microsoft

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38143

Restart Required: Yes

Instructions:

1. Open Windows Update settings
2. Click 'Check for updates'
3. Install all available security updates
4. Restart the system when prompted

🔧 Temporary Workarounds

No known workarounds

windows

Microsoft has not published any workarounds for this vulnerability

🧯 If You Can't Patch

Implement strict least privilege principles - ensure users don't have unnecessary local admin rights
Monitor for suspicious privilege escalation attempts using endpoint detection and response (EDR) tools

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for the specific security update KB number mentioned in Microsoft's advisory

Check Version:

wmic os get caption, version, buildnumber, csdversion

Verify Fix Applied:

Verify the security update is installed via Windows Update history or by checking system version

📡 Detection & Monitoring

Log Indicators:

Unusual process creation with SYSTEM privileges
Suspicious driver loading events
Failed privilege escalation attempts in security logs

Network Indicators:

Not applicable - this is a local privilege escalation vulnerability

SIEM Query:

EventID=4688 AND NewProcessName contains 'cmd.exe' OR 'powershell.exe' AND SubjectUserName!=SYSTEM AND TokenElevationType=%%1938

📊 Metadata

CVE ID: CVE-2023-38143

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-122

Published: September 12, 2023

Last Updated: April 8, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38143 Patch,Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38143 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-38143, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

No known workarounds

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities