The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system. The driver is responsible for providing the interface between user-mode applications and the Windows graphical subsystem.

The vulnerability is actively exploited in attacks. The issue can be chained with a code execution bug to spread malware. The vulnerability was reported by researchers Jan Vojtěšek, Milánek, and Luigino Camastra from Avast Antivirus firm. The researchers believe this flaw was used as part of an exploit chain to deliver malware.