CVE-2023-21688

HIGH

NT OS Kernel - Privilege Escalation

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-21688. PoCs published by hyunjungg.

AI-analyzed exploit summary: This repository contains a functional exploit PoC for CVE-2023-21688, targeting a use-after-free (UAF) vulnerability in the Windows ALPC (Advanced Local Procedure Call) mechanism. The exploit leverages ALPC port manipulation and thread synchronization to trigger the UAF condition, potentially leading to local privilege escalation (LPE).

Description

NT OS Kernel Elevation of Privilege Vulnerability

Exploits (1)

nomisec WORKING POC
by hyunjungg · poc
https://github.com/hyunjungg/CVE-2023-21688

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Microsoft Windows (specific version not specified in the provided code)
No auth needed
Prerequisites: Local access to the target system · Ability to execute arbitrary code on the target system
devstral-2 · analyzed Mar 09, 2026

Scores

CVSS v3 7.8
EPSS 0.0360
EPSS Percentile 88.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE: CWE-416
Status: published
Products (15)
microsoft/windows_10_1507 < 10.0.10240.19747 (2 CPE variants)
microsoft/windows_10_1607 < 10.0.14393.5717 (2 CPE variants)
microsoft/windows_10_1809 < 10.0.17763.4010 (3 CPE variants)
microsoft/windows_10_20h2 < 10.0.19042.2604 (3 CPE variants)
microsoft/windows_10_21h2 < 10.0.19044.2604 (3 CPE variants)
microsoft/windows_10_22h2 < 10.0.19045.2604 (3 CPE variants)
microsoft/windows_11_21h2 < 10.0.22000.1574 (2 CPE variants)
microsoft/windows_11_22h2 < 10.0.22621.1265 (2 CPE variants)
microsoft/windows_server_2008 (2 CPE variants)
microsoft/windows_server_2008 r2 sp1
... and 5 more
Published Feb 14, 2023
Tracked Since Feb 18, 2026