CVE-2023-21771: 
vulnerability analysis and mitigation

CVE-2023-21771 is a Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability that was disclosed on January 10, 2023. The vulnerability affects multiple versions of Microsoft Windows including Windows 10 (20H2, 21H2, 22H2), Windows 11 (21H2, 22H2), and Windows Server 2022 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (HIGH) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is associated with two CWE classifications: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization - Race Condition) and CWE-591 (Sensitive Data Storage in Improperly Locked Memory) (NVD).

This elevation of privilege vulnerability in the Windows Local Session Manager could allow an attacker to gain higher privileges on the affected system. The vulnerability impacts confidentiality, integrity, and availability of the system, all rated as High according to the CVSS metrics (Rapid7).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB updates including KB5022282 for Windows 10, KB5022287 for Windows 11 21H2, KB5022303 for Windows 11 22H2, and KB5022291 for Windows Server 2022 (Rapid7).