Appsecure logo

CVE-2023-28229: High Vulnerability in Microsoft Windows CNG Key Isolation Service

A high-severity vulnerability in Microsoft Windows CNG Key Isolation Service could allow for privilege escalation. Organizations should prioritize remediation to protect against potential exploitation.

HIGHKnown ExploitedCVSS 7 · Published April 11, 2023

Not a customer? See how AppSecure simulates real world attacks to protect your infrastructure.

Speak to Experts

CVE-2023-28229 is a high-severity vulnerability affecting Microsoft Windows CNG Key Isolation Service. This vulnerability allows attackers with low-level privileges to escalate their privileges, potentially gaining unauthorized access to sensitive system resources. With a CVSS score of 7, it is categorized as high, indicating a significant risk to affected systems.

The real-world risk context for organizations includes potential unauthorized access to sensitive data and system functions. Given that this vulnerability can be exploited locally with a high attack complexity, it is crucial for organizations to understand their exposure and take immediate action to mitigate this risk.

Currently, there is known exploit activity related to this vulnerability, which increases the urgency for organizations to patch their systems. Organizations should prioritize patching immediately to prevent exploitation and safeguard their environments.

In light of the critical nature of this vulnerability, it is essential for security teams to assess their systems for exposure and apply the necessary updates as soon as possible.

Vulnerability Details

The official description of CVE-2023-28229 is the 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability.' The vulnerability type is classified as privilege escalation. The CVSS score is 7, indicating a high severity level, and the vulnerability affects various versions of Microsoft Windows, including Windows 10 and Windows Server editions.

The vulnerability was published on April 11, 2023, and it falls under the CWE classification of CWE-591.

Technical Analysis

The root cause of CVE-2023-28229 is related to improper isolation of the Windows CNG Key Isolation Service, which allows for privilege escalation. The attack vector is local, requiring low privileges to exploit, with a high attack complexity.

User interaction is not required to exploit this vulnerability. The impacts on confidentiality, integrity, and availability are all rated as high, meaning that successful exploitation could lead to a complete compromise of the affected system.

Risk & Impact Analysis

The deployment risk for this vulnerability is significant. Organizations using the affected Windows versions must understand the potential blast radius if exploited. The urgency for remediation is high, given the CVSS score and the fact that this vulnerability is included in the Known Exploited Vulnerabilities (KEV) catalog.

Organizations should assess their environments for exposure and prioritize patching this vulnerability in their patch management cycle.

Exploitation Status

Signal

Status

Known Exploit

Yes

Public PoC

Yes

Actively Exploited

Yes

Ransomware Use

No

Affected Versions

The following versions are affected by CVE-2023-28229: Windows 10 (all versions prior to 10.0.19045.2846), Windows 11 (all versions prior to 10.0.22621.1555), and various editions of Windows Server (2008, 2012, 2016, 2019, 2022). Organizations should ensure they are running the latest versions to mitigate this vulnerability.

Mitigation & Remediation

Organizations should apply the latest patches provided by Microsoft for this vulnerability. For those unable to apply patches immediately, it is advised to implement the necessary mitigations as specified in the vendor's guidance.

For further details on mitigation strategies, organizations can refer to the vendor's advisory on this vulnerability.

Detection Guidance

Organizations should monitor logs for any unusual access patterns or behaviors that could indicate exploitation of this vulnerability. Behavioral anomalies should be investigated promptly to ensure system integrity.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2023-28229 lies in its potential to be exploited for privilege escalation, which can lead to further compromises within affected environments. Security teams should consider this vulnerability as part of their broader vulnerability management program.

This incident highlights the importance of maintaining up-to-date systems and implementing proactive security measures. Security teams should also strengthen their defenses against potential exploitation of similar vulnerabilities.

For additional insights, organizations may benefit from reviewing related resources on vulnerability management and penetration testing methodologies to bolster their security posture.

Known Exploitation Timeline

CVE-2023-28229 was added to the KEV catalog on October 4, 2023, indicating active exploitation in the wild. Organizations should prioritize remediation efforts before the due date of October 25, 2023.

EPSS Risk Context

The EPSS score for this vulnerability is 0.1019, placing it in the 93rd percentile. This indicates a relatively high probability of exploitation, reinforcing the urgency for organizations to address it promptly.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Latest CVEs. Recently published vulnerabilities from the NVD database.

View all vulnerabilities
CVE IDSeverity
CVE-2025-65418HIGH
CVE-2025-65417MEDIUM
CVE-2025-65416MEDIUM
CVE-2025-65415MEDIUM
CVE-2025-61314HIGH

Protect Your Business with Hacker-Focused Approach.