CVE-2023-29343: Sysmon Local Privilege Escalation Vulnerability


In a security advisory published on 9 May 2023, Microsoft disclosed a Local Privilege Escalation vulnerability in Sysmon (CVE-2023-29343). The vulnerability was discovered by an independent security researcher and responsibly disclosed to Microsoft, which has released Sysmon version 14.16 to address it.

Because successful exploitation requires local access to a system running Sysmon, this vulnerability is more likely to be used by threat actors to escalate privileges on an already compromised host than to serve as an initial access vector.

Microsoft currently assesses the likelihood of exploitation as low, and no public proof-of-concept exploit is known at the time of writing. Arctic Wolf nevertheless recommends upgrading to the latest available version of Sysmon on your organisation's monitored endpoints.

Recommendations for CVE-2023-29343

Recommendation: Upgrade Sysmon to version 14.16 

Arctic Wolf strongly recommends upgrading Sysmon to version 14.16 as part of your organisation's next patching cycle. This version has been patched to address the local privilege escalation vulnerability described in this bulletin.

The latest version of the Arctic Wolf Sysmon Assistant application supports upgrading Sysmon in place, without manual uninstallation and reinstallation. To perform the Sysmon update, review the instructions for updating the Sysmon Assistant and Sysmon as they relate to your software deployment process, via the update instructions on this page.
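For endpoints that are not managed through the Sysmon Assistant, the following PowerShell script is an added example (it is not code from Arctic Wolf, Microsoft or the Sysmon Assistant) that reads the installed Sysmon version from the service binary, compares it against 14.16, and, where the host is still on an older release, performs the manual uninstall and reinstall that the Assistant avoids. The default service names (Sysmon64 or Sysmon), the staging path in $NewSysmon and the configuration path in $SysmonConfig are assumptions you will need to adjust to your deployment.

```powershell
# Added example, not Arctic Wolf, Microsoft or Sysmon Assistant code.
# Checks the installed Sysmon version and upgrades it if it predates 14.16.
# Assumptions: Sysmon runs under its default service name (Sysmon64 or Sysmon);
# $NewSysmon and $SysmonConfig point to files you have staged on the host.

$PatchedVersion = [version]'14.16'
$NewSysmon      = 'C:\Tools\Sysmon\Sysmon64.exe'      # assumed path to the staged 14.16 binary
$SysmonConfig   = 'C:\Tools\Sysmon\sysmonconfig.xml'  # assumed path to your current Sysmon config

function Get-InstalledSysmon {
    # Locate the Sysmon service and read the product version of its executable.
    $svc = Get-CimInstance Win32_Service -Filter "Name='Sysmon64' OR Name='Sysmon'" |
           Select-Object -First 1
    if (-not $svc) { return $null }
    $exe = $svc.PathName.Trim('"')
    $ver = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
    [pscustomobject]@{
        Service = $svc.Name
        Path    = $exe
        Version = [version]$ver
    }
}

$current = Get-InstalledSysmon
if (-not $current) {
    Write-Output 'Sysmon is not installed on this host.'
    return
}

Write-Output ('Sysmon {0} installed at {1} (service {2})' -f $current.Version, $current.Path, $current.Service)

if ($current.Version -ge $PatchedVersion) {
    Write-Output 'Already at or above 14.16; no action needed.'
    return
}

# Sanity-check the staged binary before touching the running installation.
$staged = [version](Get-Item -LiteralPath $NewSysmon).VersionInfo.ProductVersion
if ($staged -lt $PatchedVersion) {
    throw "Staged binary is version $staged, not $PatchedVersion or newer."
}

# Manual upgrade path: uninstall the old driver and service, then install the new
# binary with the same configuration. -u, -i and -accepteula are documented Sysmon
# switches. Note the short telemetry gap between the two steps.
& $current.Path -u
& $NewSysmon -accepteula -i $SysmonConfig

$after = Get-InstalledSysmon
if ($after -and $after.Version -ge $PatchedVersion) {
    Write-Output "Upgrade complete: Sysmon $($after.Version) is now installed."
} else {
    throw 'Sysmon upgrade did not complete; check the Sysmon operational event log and reinstall manually.'
}
```

Run it from an elevated PowerShell session, since both the uninstall and the install load and unload a kernel driver. Reinstalling with your existing configuration file matters: uninstalling Sysmon removes the loaded configuration, so an `-i` without a config would leave the endpoint on Sysmon's default (minimal) event set. If you schedule this across a fleet, account for the brief window between `-u` and `-i` during which the host produces no Sysmon telemetry.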

James Liolios

James Liolios is a Senior Threat Intelligence Researcher at Arctic Wolf, where he keeps a watchful eye on the latest threats and threat actors to understand the potential impact to Arctic Wolf customers. He has a background of 9 years' experience in many areas of cybersecurity, holds a bachelor's degree in Information Security, and is also CISSP certified.