all InfoSec news
Micropatches Released For Two Windows CNG Key Isolation Service Vulnerabilities (CVE-2023-28229, CVE-2023-36906)
Malware Analysis, News and Indicators - Latest topics malware.news
Last month, security researcher @k0shl of Cyber Kunlun published a proof-of-concept for CVE-2023-28229, an elevation of privilege vulnerability in CNG Key Isolation Service. The same POC also demonstrated exploitation of CVE-2023-36906, an information disclosure vulnerability in the same service discovered by the same researcher.
Microsoft had previously provided fixes for these issues in April and August 2023, respectively. According to CISA, CVE-2023-28229 was found to be exploited in the wild.
CVE-2023-28229
This bug is a race condition …
concept cve cyber disclosure elevation of privilege exploitation fixes information information disclosure information disclosure vulnerability isolation key microsoft poc privilege proof proof-of-concept researcher security security researcher service vulnerabilities vulnerability windows