CVE-2023-36424

HIGH KEV

Windows Common Log File System Driver - Privilege Escalation

Exploitation Summary

CVE-2023-36424 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 13, 2026. EIP tracks 2 public exploits from researchers including zerozenxlabs.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2023-36424, targeting a vulnerability in Windows ALPC. The exploit code is written in C++ and appears to leverage low-level Windows APIs to manipulate ALPC messages, likely for local privilege escalation.

Description

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Exploits (2)

nomisec WORKING POC 128 stars
by zerozenxlabs · remote
https://github.com/zerozenxlabs/CVE-2023-36424

This repository contains a proof-of-concept exploit for CVE-2023-36424, targeting a vulnerability in Windows ALPC. The exploit code is written in C++ and appears to leverage low-level Windows APIs to manipulate ALPC messages, likely for local privilege escalation.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Complex
Reliability: Theoretical
Target: Microsoft Windows (specific version not specified in provided code)
No auth needed
Prerequisites: Local access to a vulnerable Windows system
devstral-2 · analyzed Feb 16, 2026

inthewild WORKING POC
poc
https://github.com/nassim-asrir/cve-2023-36424

The repository contains a functional exploit for CVE-2023-36424, targeting a Windows ALPC (Advanced Local Procedure Call) vulnerability. The code includes detailed structures and function definitions for ALPC manipulation, suggesting a local privilege escalation (LPE) exploit.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Complex
Reliability: Theoretical
Target: Microsoft Windows (specific version not specified in the provided code)
No auth needed
Prerequisites: Windows system with vulnerable ALPC implementation
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3: 7.8
EPSS: 0.0980
EPSS Percentile: 93.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total

Details

CISA KEV: 2026-04-13
VulnCheck KEV: 2026-04-13
ENISA EUVD: EUVD-2023-40389
CWE: CWE-125
Status: published
Products (44)
Microsoft/Windows 10 Version 1507 10.0.10240.0 - 10.0.10240.20308
Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.6452
Microsoft/Windows 10 Version 1809 10.0.0 - 10.0.17763.5122
Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.5122
Microsoft/Windows 10 Version 21H2 10.0.19043.0 - 10.0.19043.3693
Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.3693
Microsoft/Windows 11 version 21H2 10.0.0 - 10.0.22000.2600
Microsoft/Windows 11 version 22H2 10.0.22621.0 - 10.0.22621.2715
Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.2715
Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.2715
... and 34 more
Published: Nov 14, 2023
KEV Added: Apr 13, 2026
Tracked Since: Feb 18, 2026