CVE-2023-36884
Published: 11 July 2023
Summary
CVE-2023-36884 is a high-severity race condition (CWE-362) in the Windows Search component of Microsoft Windows; this entry lists Windows 10 1809 as the affected product. Its CVSS 3.1 base score is 7.5 (High).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).
Deeper analysis
CVE-2023-36884 is a remote code execution vulnerability in the Windows Search component, assigned CWE-362 (race condition). Microsoft first published it on 11 July 2023 as "Office and Windows HTML Remote Code Execution Vulnerability" and later retitled it "Windows Search Remote Code Execution Vulnerability". Its CVSS 3.1 score of 7.5 comes from the vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H: network attack vector, high attack complexity (the attacker has to win the race), no privileges required, user interaction required, scope unchanged, and high impact on confidentiality, integrity, and availability.
Although the attack vector is network, exploitation depends on user interaction: per Microsoft's advisory, the attacker crafts a malicious file (in the observed campaigns, a Microsoft Office document) and must convince the victim to open it, after which the race condition in Windows Search is triggered and arbitrary code runs in the victim's security context. No authentication is needed.
At publication the MSRC advisory carried mitigations rather than a fix: Microsoft Defender for Office attachment protection, the attack surface reduction (ASR) rule "Block all Office applications from creating child processes", and the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key for the affected Office and WordPad executables. Fixing updates shipped in the August 2023 security release. CISA added the CVE to its KEV catalog on 17 July 2023, which obliges federal civilian agencies to remediate it by the catalog due date.
Its EPSS score is 0.9297 (peak 0.9325), i.e. an estimated probability of roughly 93% that it will be exploited within the next 30 days, and in-the-wild exploitation has been confirmed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-40804
Vulnerability details
Windows Search Remote Code Execution Vulnerability (MSRC title; originally published as "Office and Windows HTML Remote Code Execution Vulnerability")
- CWE(s): CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization, i.e. Race Condition)
- KEV Date Added: 17 July 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Microsoft Windows 10 1809 (the product listed on this entry; the MSRC advisory enumerates further Windows releases and Microsoft Office)
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely installation of the vendor update that eliminates the race condition in Windows Search; until the August 2023 update is installed, the interim mitigations from the MSRC advisory (the ASR rule and the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key) stand in for it.
- SI-3 (Malicious Code Protection): malicious-code protection can block the crafted file on delivery (Microsoft Defender for Office) and block or alert on the arbitrary code that runs once the race condition is won (for example, the ASR rule that stops Office applications from spawning child processes).
- SI-4 (System Monitoring): continuous monitoring can identify anomalous Windows Search behaviour, Office applications spawning unexpected child processes, or other post-exploitation activity associated with this RCE.
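The following PowerShell script is an added example, not part of this entry and not Microsoft's own tooling. It audits the two interim mitigations from the MSRC advisory (the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key and the ASR rule "Block all Office applications from creating child processes"), applies them when run with -Apply, and then checks whether a cumulative update is installed. It assumes an elevated session on Windows with Microsoft Defender Antivirus; the $PatchKB parameter is a placeholder that you must replace with the KB number for your build taken from the advisory.

```powershell
# Added example for CVE-2023-36884 mitigation audit (not from the original entry or from Microsoft).
# Assumes: elevated PowerShell on Windows with Microsoft Defender Antivirus.
# $PatchKB is a placeholder, not a real KB number; take the right one for your build from MSRC.
[CmdletBinding()]
param(
    [switch]$Apply,
    [string]$PatchKB = 'KB0000000'
)

# Registry mitigation from the MSRC advisory: one REG_DWORD value of 1 per process name.
$RegPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
$Processes = 'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPoint.exe',
             'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'

# ASR rule "Block all Office applications from creating child processes".
$AsrRuleId = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'

# Returns the process names that are not yet blocked by the registry mitigation.
function Test-RegistryMitigation {
    $missing = @()
    foreach ($p in $Processes) {
        $v = Get-ItemProperty -Path $RegPath -Name $p -ErrorAction SilentlyContinue
        if (-not $v -or $v.$p -ne 1) { $missing += $p }
    }
    return $missing
}

# Creates the key if needed and sets every listed process to 1 (blocked).
function Set-RegistryMitigation {
    if (-not (Test-Path $RegPath)) { New-Item -Path $RegPath -Force | Out-Null }
    foreach ($p in $Processes) {
        New-ItemProperty -Path $RegPath -Name $p -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Maps the Defender action code for the ASR rule to a readable state.
function Get-AsrRuleState {
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids | ForEach-Object { $_.ToLower() })
    $idx  = [Array]::IndexOf($ids, $AsrRuleId)
    if ($idx -lt 0) { return 'NotConfigured' }
    switch ([int]$pref.AttackSurfaceReductionRules_Actions[$idx]) {
        1       { 'Block' }
        2       { 'Audit' }
        6       { 'Warn' }
        default { 'Disabled' }
    }
}

# Add-MpPreference appends the rule without clobbering ASR rules already configured.
function Enable-AsrRule {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrRuleId -AttackSurfaceReductionRules_Actions Enabled
}

if ($Apply) {
    Set-RegistryMitigation
    Enable-AsrRule
}

$missing   = Test-RegistryMitigation
$asrState  = Get-AsrRuleState
$patched   = [bool](Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)

[pscustomobject]@{
    RegistryMitigationComplete = ($missing.Count -eq 0)
    RegistryMitigationMissing  = ($missing -join ', ')
    AsrRuleState               = $asrState          # want 'Block'
    PatchInstalled             = $patched           # true once the fixing update is on
    FullyRemediated            = $patched           # the patch, not the workarounds, closes the CVE
}
```

Run it without -Apply first to see the gap, then with -Apply to enforce both workarounds. Treat the registry key as temporary: Microsoft noted it can break legitimate cross-protocol file navigation in the listed applications, so remove it once the fixing update is confirmed installed, and keep the ASR rule, which is a sound default regardless of this CVE.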