CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Oct 25, 2023
High
CISA KEVCVE-2023-28229
Microsoft—Windows CNG Key Isolation Service
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.
Required Action
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28229; https://nvd.nist.gov/vuln/detail/CVE-2023-28229
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Oct 4, 2023
- KEV Added
- Oct 4, 2023
- Due Date
- Oct 25, 2023
- Related Articles
- 0
Vendor
Microsoft
Windows CNG Key Isolation Service