{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-030.pdf"
    },
    "title": "Sysmon - Local Privilege Escalation Vulnerability",
    "serial_number": "2023-030",
    "publish_date": "15-05-2023 15:58:32",
    "description": "On May 9, 2023, Microsoft disclosed the existence of a Local Privilege Escalation vulnerability in Sysmon. It is identified as CVE-2023-29343 and could allow an attacker to gain SYSTEM privileges with low attack complexity and without any interaction from a user.<br>\nMicrosoft currently assesses that the likelihood of exploitation is low due to the lack of a publicly available Proof of Concept exploit, however, it is strongly recommended to update to the latest available Sysmon version.<br>\n",
    "url_title": "2023-030",
    "content_markdown": "--- \ntitle: 'Sysmon -- Local Privilege\u00a0Escalation\u00a0Vulnerability' \nversion: '1.0'\nnumber: '2023-030'\noriginal_date: 'May 9, 2023'\ndate: 'May 15, 2023'\n---\n\n_History:_\n\n* _15/05/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn May 9, 2023, Microsoft disclosed the existence of a Local Privilege Escalation vulnerability in Sysmon. It is identified as **CVE-2023-29343** and could allow an attacker to gain SYSTEM privileges with low attack complexity and without any interaction from a user.\n\nMicrosoft currently assesses that the likelihood of exploitation is low due to the lack of a publicly available Proof of Concept exploit, however, it is strongly recommended to update to the latest available Sysmon version [1,2].\n\n# Technical Detail\n\nAs of the time of writing this advisory, the technical details of this flaw are unknown and an exploit is not yet available.\n\n# Products Affected\n\nThe vulnerability affects Sysmon products prior to **version 14.16**.\n\n# Recommendations\n\nIt is highly recommended to update to Sysmon **version 14.16**.\n\n# References\n\n[1] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343>\n\n[2] <https://arcticwolf.com/resources/blog/cve-2023-29343-sysmon-local-privilege-escalation-vulnerability/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>15/05/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On May 9, 2023, Microsoft disclosed the existence of a Local Privilege Escalation vulnerability in Sysmon. It is identified as <strong>CVE-2023-29343</strong> and could allow an attacker to gain SYSTEM privileges with low attack complexity and without any interaction from a user.</p><p>Microsoft currently assesses that the likelihood of exploitation is low due to the lack of a publicly available Proof of Concept exploit, however, it is strongly recommended to update to the latest available Sysmon version [1,2].</p><h2 id=\"technical-detail\">Technical Detail</h2><p>As of the time of writing this advisory, the technical details of this flaw are unknown and an exploit is not yet available.</p><h2 id=\"products-affected\">Products Affected</h2><p>The vulnerability affects Sysmon products prior to <strong>version 14.16</strong>.</p><h2 id=\"recommendations\">Recommendations</h2><p>It is highly recommended to update to Sysmon <strong>version 14.16</strong>.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://arcticwolf.com/resources/blog/cve-2023-29343-sysmon-local-privilege-escalation-vulnerability/\">https://arcticwolf.com/resources/blog/cve-2023-29343-sysmon-local-privilege-escalation-vulnerability/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}