What is the severity of CVE-2023-21767?

CVE-2023-21767 is rated as a high severity elevation of privilege vulnerability.

How do I fix CVE-2023-21767?

To resolve CVE-2023-21767, apply the latest security updates provided by Microsoft for affected Windows versions.

Which versions of Windows are affected by CVE-2023-21767?

CVE-2023-21767 affects multiple Windows versions including Windows 10, Windows 11, Windows Server 2016, 2019, and 2022.

Can CVE-2023-21767 be exploited remotely?

CVE-2023-21767 requires local access to the system for exploitation, which limits its impact.

Are there any known attack vectors for CVE-2023-21767?

Attackers may exploit CVE-2023-21767 through local execution of malicious code to gain elevated privileges.

Vulnerability/
CVE-2023-21767

high

7.8

CWE

10/1/2023

1/1/2025

CVE-2023-21767: Windows Overlay Filter Elevation of Privilege Vulnerability

First published: Tue Jan 10 2023(Updated: )

Windows Overlay Filter Elevation of Privilege Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows 10	=20H2	fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows 11	=21H2	fix available externally
Microsoft Windows Server 2019		fix available externally
Microsoft Windows Server 2012 R2		fix available externally fix available externally
Microsoft Windows 10	=20H2	fix available externally
Microsoft Windows 10	=20H2	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 8.1 for x64-based systems		fix available externally fix available externally
Microsoft Windows Server 2016		fix available externally
Microsoft Windows 10		fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows 8.1 for 32-bit systems		fix available externally fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows Server 2016		fix available externally
Microsoft Windows 10	=22H2	fix available externally
Microsoft Windows Server 2022		fix available externally
Microsoft Windows 11	=21H2	fix available externally
Microsoft Windows Server 2022		fix available externally
Microsoft Windows 10	=1607	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 10	=1809	fix available externally
Microsoft Windows 11	=22H2	fix available externally
Microsoft Windows Server 2019		fix available externally
Microsoft Windows 10		fix available externally
Microsoft Windows 11	=22H2	fix available externally
Microsoft Windows 10	=21H2	fix available externally
Microsoft Windows Server 2012 R2		fix available externally fix available externally
Microsoft Windows 10	=1607	fix available externally
Microsoft Windows RT		fix available externally
Microsoft Windows 10
Microsoft Windows 10	=20h2
Microsoft Windows 10	=21h2
Microsoft Windows 10	=22h2
Microsoft Windows 10	=1607
Microsoft Windows 10	=1809
Microsoft Windows 11
Microsoft Windows 11
Microsoft Windows 11	=21h2
Microsoft Windows 11	=21h2
Microsoft Windows 11	=22h2
Microsoft Windows 11	=22h2
Microsoft Windows 8.1
Microsoft Windows RT
Microsoft Windows Server 2012 x64
Microsoft Windows Server 2012 x64	=r2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2022

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21767 (Advisory)

Frequently Asked Questions

What is the severity of CVE-2023-21767?
CVE-2023-21767 is rated as a high severity elevation of privilege vulnerability.
How do I fix CVE-2023-21767?
To resolve CVE-2023-21767, apply the latest security updates provided by Microsoft for affected Windows versions.
Which versions of Windows are affected by CVE-2023-21767?
CVE-2023-21767 affects multiple Windows versions including Windows 10, Windows 11, Windows Server 2016, 2019, and 2022.
Can CVE-2023-21767 be exploited remotely?
CVE-2023-21767 requires local access to the system for exploitation, which limits its impact.
Are there any known attack vectors for CVE-2023-21767?
Attackers may exploit CVE-2023-21767 through local execution of malicious code to gain elevated privileges.

collector/msrc-cve
agent/type
agent/first-publish-date
agent/title
agent/references
agent/severity
agent/description
source/Microsoft
agent/software-canonical-lookup
agent/weakness
agent/author
agent/softwarecombine
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
collector/nvd-index
vendor/microsoft
canonical/microsoft windows 10
version/microsoft windows 10/20h2
version/microsoft windows 10/22h2
canonical/microsoft windows 11
version/microsoft windows 11/21h2
canonical/microsoft windows server 2019
canonical/microsoft windows server 2012 r2
version/microsoft windows 10/1809
canonical/microsoft windows 8.1 for x64-based systems
canonical/microsoft windows server 2016
version/microsoft windows 10/21h2
canonical/microsoft windows 8.1 for 32-bit systems
canonical/microsoft windows server 2022
version/microsoft windows 10/1607
version/microsoft windows 11/22h2
canonical/microsoft windows rt
canonical/microsoft windows 8.1
canonical/microsoft windows server 2012 x64
version/microsoft windows server 2012 x64/r2