CVE-2023-28252

Published Apr 11, 2023

Last updated 6 months ago

Exploit knownCVSS high 7.8
Server

Overview

Description
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_20h2, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Exploit added on
Apr 11, 2023
Exploit action due
May 2, 2023
Required action
Apply updates per vendor instructions.

Weaknesses

secure@microsoft.com
CWE-122
nvd@nist.gov
CWE-787

Social media

Hype score
Not currently trending

  1. Microsoft 在四月补丁日修复该漏洞[2],并将其标记为CVE-2023-28252(Windows 通用日志文件系统驱动程序特权提升漏洞)。图是在打补丁前系统上的运行截图,通过漏洞利用完成提权 https://t.co/NBNPKGQyRx https://t.co/iii4kmq6wg

    @lksndcv354sef

    15 Dec 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. :Microsoft 在四月补丁日修复该漏洞[2],并将其标记为CVE-2023-28252(Windows 通用日志文件系统驱动程序特权提升漏洞)。图是在打补丁前系统上的运行截图,通过漏洞利用完成提权 https://t.co/19Lcc29edd https://t.co/c1zZxniFe3

    @jkshekfh25se

    15 Dec 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. The Akira ransomware group has earned over $244M by exploiting VMware ESXi servers and multiple vulnerabilities like CVE-2024-40766 and CVE-2023-28252, using credential theft and brute-force tactics. #AkiraGroup #RansomwareAttack #VMware https://t.co/XdFZRcysSD

    @TweetThreatNews

    14 Nov 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Threat Alert: PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware CVE-2025-29824 CVE-2025-24983 CVE-2023-28252 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/zGwGbSy81X #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    16 Apr 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.CVE-2026-33826
  2. Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.CVE-2026-33829
  3. Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.CVE-2026-33827
  4. Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.CVE-2026-33824
  5. Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.CVE-2026-33104

References

Sources include official advisories and independent security research.