{"uuid": "ce68dece-f663-460c-ba0f-8586c25ad5a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28252", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1445", "content": "\ud83d\udc69\u200d\ud83d\udcbb Windows CLFS Driver Privilege Escalation\n\nThis vulnerability targets the Common Log File System (CLFS) and allows attackers to escalate privileges and potentially fully compromise an organization\u2019s Windows systems. In April 2023, Microsoft released a patch for this vulnerability and the CNA CVE-2023-28252 was assigned.\n\n\ud83d\udcca Affects version:\n\u2014 Windows 11 21H2 (clfs.sys version 10.0.22000.1574);\n\u2014 Windows 11 22H2; \n\u2014 Windows 10 21H2;\n\u2014 Windows 10 22H2;\n\u2014 Windows Server 2022.\n\nResearch: \n\ud83d\udd17 https://www.coresecurity.com/core-labs/articles/analysis-cve-2023-28252-clfs-vulnerability\n\nExploit: \n\ud83d\udd17 https://github.com/duck-sec/CVE-2023-28252-Compiled-exe\n\n#windows #privesc #clfs #driver", "creation_timestamp": "2024-01-26T14:40:08.000000Z"}