Cyber Resilience

CVE-2023-36884

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 11 July 2023

Modified: 28 October 2025
KEV Added: 17 July 2023
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.9297 (99.8th percentile)
Risk Priority: 91 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-36884 is a high-severity Race Condition (CWE-362) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2023-36884 is a remote code execution vulnerability in the Windows Search component, assigned CWE-362 for a race condition weakness. It carries a CVSS 3.1 score of 7.5, reflecting a network attack vector, high attack complexity, no required privileges, and required user interaction, with high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can exploit the flaw over a network connection to execute arbitrary code on the target system, provided the victim performs a specific user action that triggers the race condition in Windows Search.

Microsoft addresses the issue with security updates documented in its MSRC advisory, and CISA lists the CVE in its Known Exploited Vulnerabilities catalog, indicating federal agencies must apply mitigations.

The vulnerability shows a high EPSS score with a current value of 0.9297 and a peak of 0.9325, and confirmed real-world exploitation activity has been observed.

EU & UK References

Vulnerability details

Windows Search Remote Code Execution Vulnerability

CWE(s)
KEV Date Added: 17 July 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft windows 10 1507: ≤ 10.0.10240.20107
microsoft windows 10 1607: ≤ 10.0.14393.6167
microsoft windows 10 1809: ≤ 10.0.17763.4737
microsoft windows 10 21h2: ≤ 10.0.19044.3324
microsoft windows 10 22h2: ≤ 10.0.19044.3324
microsoft windows 11 21h2: ≤ 10.0.22000.2295
microsoft windows 11 22h2: ≤ 10.0.22621.2134
microsoft windows server 2008: all versions, r2
microsoft windows server 2012: all versions, r2
microsoft windows server 2016: ≤ 10.0.14393.6167
+2 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of the vendor patch that eliminates the race condition in Windows Search.

prevent · detect

Malicious-code protection mechanisms can block or alert on the arbitrary code that results once the race condition is won.

detect

Continuous system monitoring can identify anomalous Windows Search behavior or post-exploitation activity associated with this RCE.

References