Threat Advisories - NVD Disclosed April 11, 2023

CVE-2023-28252

Windows Common Log File System Driver Privilege Escalation Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the Windows Common Log File System Driver allows for privilege escalation. This could enable an attacker with local access to gain elevated permissions on affected systems, potentially impacting system integrity and data confidentiality. The exploitation of this vulnerability requires local access an

NVD published: April 11, 2023 • CISA KEV

CVE advisoryKnown Exploit

CVE-2023-28229

Windows CNG Key Isolation Service Privilege Escalation.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

The Windows CNG Key Isolation Service has a vulnerability that allows a local attacker to gain elevated privileges. This presents a business risk of unauthorized access to sensitive data and system functions, potentially leading to a complete host compromise. Organizations should identify and mitigate this risk across

NVD published: April 11, 2023 • CISA KEV

CVE advisoryKnown Exploit

CVE-2023-29492

Novi Survey Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Novi Survey allows remote attackers to execute arbitrary code on the server. This does not affect survey or response data, but could lead to server compromise. Organizations using affected versions face a high business risk.

NVD published: April 11, 2023 • CISA KEV