KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

PRO Back to KEVs

7.8

CVSS
High

CVE-2023-36424

PUBLISHED

Windows Common Log File System Driver Elevation of Privilege Vulnerability

1 day faster than CISA KEV

Exploited in the wild PoC available Low complexity No user interaction

Vendor: Microsoft
Product: Windows 11 version 22H3, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 23H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)
Published: Nov 14, 2023
EPSS: 9.8% · 93% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Windows Common Log File System Driver Elevation of Privilege Vulnerability

windows cisa microsoft

Weaknesses (CWE)

CWE-125

Out-of-bounds Read

CVSS scores

CVSS v3.1 7.8 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-01 13:30:34 UTC · CISA

Proof of concept available

Recorded 2024-03-21 21:39:24 UTC · GitHub

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE First	2026-06-01 13:07 UTC
CISA	2026-06-02 14:02 UTC

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

zerozenxlabs/CVE-2023-36424

github · Created 2024-03-21 21:39:24 UTC · 127 stars

Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation

Timeline

CVE ID Reserved

2023-06-21 15:14 UTC
CVE Published to Public

2023-11-14 17:57 UTC
Proof of Concept Exploit Available

2024-03-21 21:39 UTC
Added to KEVIntel

2026-06-01 13:07 UTC
KEV confirmed by CISA

2026-06-02 14:02 UTC