CVE-2023-29336: If you're not on Windows 11, you're at risk

A new research showcases just how easy you can be hacked.

News

Reading time icon 3 min. read

Calendar icon Published on

by Flavius Floare 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • The research stresses that Windows 11 systems are safe from this vulnerability.
  • However, if you're on older Windows versions, you're at a significant risk.
  • Fortunately, you can always update your Windows to the latest version.
CVE-2023-29336

CVE-2023-29336 has caused a great deal of damage to all versions of Windows. The vulnerability has a CVSS score of 7.8, and it offers an elevation of privilege to whoever successfully exploits it. Basically, if your computer would be affected by this vulnerability, you could lose all access to it.

The vulnerability resides within Win32k.sys Windows component, which is an integral driver file in the operating system. This driver file provides the interface between the user-mode applications and the Windows graphical subsystem. From there, PCs can be easily exploited in attacks.

Microsoft addressed this CVE-2023-29336 vulnerability last month, with the release of May Patch Tuesday. And, to make matters urgent, the vulnerability was being actively exploited at the time of the release.

One month later, researchers from the cybersecurity Numen Cyber published an in-depth analysis of the CVE-2023-29336 vulnerability, along with a PoC (proof of concept) exploitation of it on Windows Server 2016.

You’re still at risk of a CVE-2023-29336 vulnerability attack if you’re not on Windows 11, 10

According to the research, exploiting this particular vulnerability is not really a challenging task. This means everybody with a bit of hacking talent can attack your computer. And if you’re not yet on Windows 11, or 10, who received critical updates, especially for this vulnerability, then you might be at significant risk.

Exploiting this particular vulnerability does not generally pose significant challenges. Apart from diligently exploring different methods to gain control over the first write operation using the reoccupied data from freed memory, there is typically no need for novel exploitation techniques. While there may have been some modifications, if this issue is not thoroughly addressed, it remains a security risk for older systems.

Numen Cyber

So, if you’re operating with sensible data on older Windows versions, you might want to update to either Windows 10 or 11. And if you’re afraid that you will lose your data while doing so, you should know that you can update to Windows 11 and keep your files.

The security firm also posted the code of the exploit on GitHub. If you’re interested to see the few hundred lines that have been destroying PCs for a while, take a look.

However, the Win32k.sys flaw which allows for the CVE-2023-29336 vulnerability to happen is non-exploitable on Windows 11.

But the older Windows versions are not so lucky. And maybe this research encourages others to get on Windows 11 as soon as possible.

What do you think about this vulnerability? Do you have any experience with it? Let us know in the comments section below.

More about the topics: Cybersecurity, Windows 11

Flavius Floare

Flavius Floare Shield

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling. He's always curious and ready to take on everything new in the tech world, covering Microsoft's products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that's always ready to bring you the bleeding edge!