CVE-2023-21674

HIGH KEV

Microsoft Windows ALPC - Elevation of Privilege

Title source: llm

Exploitation Summary

CVE-2023-21674 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 10, 2023. EIP tracks 1 public exploit from researchers including hd3s5aa.

AI-analyzed exploit summary This is a working proof-of-concept exploit for CVE-2023-21674, a Windows ALPC vulnerability leading to a use-after-free (UAF) condition. The exploit demonstrates privilege escalation by manipulating worker factory objects and ALPC ports to trigger the vulnerability.

Description

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

Exploits (1)

nomisec WORKING POC 38 stars

by hd3s5aa · local

https://github.com/hd3s5aa/CVE-2023-21674

View Code ZIP pw:eip

This is a working proof-of-concept exploit for CVE-2023-21674, a Windows ALPC vulnerability leading to a use-after-free (UAF) condition. The exploit demonstrates privilege escalation by manipulating worker factory objects and ALPC ports to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Microsoft Windows (ALPC component)

No auth needed

Prerequisites: Windows environment with vulnerable ALPC implementation

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21674

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21674

Scores

CVSS v3 8.8

EPSS 0.4154

EPSS Percentile 98.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2023-01-10

VulnCheck KEV 2023-01-10

InTheWild.io 2023-01-10

ENISA EUVD EUVD-2023-25841

CWE

CWE-416

Status published

Products (13)

microsoft/windows_10_1507 < 10.0.10240.19685

microsoft/windows_10_1607 < 10.0.14393.5648

microsoft/windows_10_1809 < 10.0.17763.3887

microsoft/windows_10_20h2 < 10.0.19042.2486

microsoft/windows_10_21h2 < 10.0.19044.2486

microsoft/windows_10_22h2 < 10.0.19045.2486

microsoft/windows_11_21h2 < 10.0.22000.1455

microsoft/windows_11_22h2 < 10.0.22621.1105

microsoft/windows_rt_8.1

microsoft/windows_server_2012 r2

... and 3 more

Published Jan 10, 2023

KEV Added Jan 10, 2023

Tracked Since Feb 18, 2026