CVE-2023-36427

HIGH

Windows Hyper-V - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-36427. PoCs published by tandasat.

AI-analyzed exploit summary This PoC exploits CVE-2023-36427, a memory corruption vulnerability in Windows, by manipulating MSR registers and patching a kernel variable to achieve arbitrary physical address writes from the root partition. The exploit requires a system hibernate cycle to trigger the vulnerability.

Description

Windows Hyper-V Elevation of Privilege Vulnerability

Exploits (1)

nomisec WORKING POC 90 stars
by tandasat · poc
https://github.com/tandasat/CVE-2023-36427

This PoC exploits CVE-2023-36427, a memory corruption vulnerability in Windows, by manipulating MSR registers and patching a kernel variable to achieve arbitrary physical address writes from the root partition. The exploit requires a system hibernate cycle to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Microsoft Windows (specific versions affected by CVE-2023-36427)
Auth required
Prerequisites: Kernel-mode execution context · HFI (Hardware Feedback Interface) support · Physical address control
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.0
EPSS 0.0149
EPSS Percentile 70.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (9)
microsoft/windows_10_1809 < 10.0.17763.5122
microsoft/windows_10_21h2 < 10.0.19041.3693
microsoft/windows_10_22h2 < 10.0.19045.3693
microsoft/windows_11_21h2 < 10.0.22000.2600
microsoft/windows_11_22h2 < 10.0.22621.2715
microsoft/windows_11_23h2 < 10.0.22631.2715
microsoft/windows_server_2019
microsoft/windows_server_2022
microsoft/windows_server_2022_23h2 < 10.0.25398.531
Published Nov 14, 2023
Tracked Since Feb 18, 2026